openSUSE-SU-2021:1954-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1954-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1954-1
- Related
- Published
- 2021-07-10T13:50:39Z
- Modified
- 2021-07-10T13:50:39Z
- Summary
- Security update for containerd, docker, runc
- Details
-
This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)
- Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476).
- CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
- CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730).
- btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)
runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).
- Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
- Fixed /dev/null is not available (bsc#1168481).
- CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).
containerd was updated to v1.4.4
- CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
- Handle a requirement from docker (bsc#1181594).
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OX775QFGRPXXX7W5FDFKP3V5KCNZYD7F/
- https://bugzilla.suse.com/1168481
- https://bugzilla.suse.com/1175081
- https://bugzilla.suse.com/1175821
- https://bugzilla.suse.com/1181594
- https://bugzilla.suse.com/1181641
- https://bugzilla.suse.com/1181677
- https://bugzilla.suse.com/1181730
- https://bugzilla.suse.com/1181732
- https://bugzilla.suse.com/1181749
- https://bugzilla.suse.com/1182451
- https://bugzilla.suse.com/1182476
- https://bugzilla.suse.com/1182947
- https://bugzilla.suse.com/1183024
- https://bugzilla.suse.com/1183855
- https://bugzilla.suse.com/1184768
- https://bugzilla.suse.com/1184962
- https://bugzilla.suse.com/1185405
- https://www.suse.com/security/cve/CVE-2021-21284
- https://www.suse.com/security/cve/CVE-2021-21285
- https://www.suse.com/security/cve/CVE-2021-21334
- https://www.suse.com/security/cve/CVE-2021-30465
Affected packages
openSUSE:Leap 15.3 / containerd
Package
- Name
- containerd
- Purl
- purl:rpm/suse/containerd&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.4-5.32.1
Ecosystem specific
{
"binaries": [
{
"runc": "1.0.0~rc93-1.14.2",
"docker-zsh-completion": "20.10.6_ce-6.49.3",
"containerd": "1.4.4-5.32.1",
"docker-bash-completion": "20.10.6_ce-6.49.3",
"docker": "20.10.6_ce-6.49.3",
"docker-fish-completion": "20.10.6_ce-6.49.3",
"containerd-ctr": "1.4.4-5.32.1"
}
]
}
openSUSE:Leap 15.3 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20.10.6_ce-6.49.3
Ecosystem specific
{
"binaries": [
{
"runc": "1.0.0~rc93-1.14.2",
"docker-zsh-completion": "20.10.6_ce-6.49.3",
"containerd": "1.4.4-5.32.1",
"docker-bash-completion": "20.10.6_ce-6.49.3",
"docker": "20.10.6_ce-6.49.3",
"docker-fish-completion": "20.10.6_ce-6.49.3",
"containerd-ctr": "1.4.4-5.32.1"
}
]
}
openSUSE:Leap 15.3 / runc
Package
- Name
- runc
- Purl
- purl:rpm/suse/runc&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.0~rc93-1.14.2
Ecosystem specific
{
"binaries": [
{
"runc": "1.0.0~rc93-1.14.2",
"docker-zsh-completion": "20.10.6_ce-6.49.3",
"containerd": "1.4.4-5.32.1",
"docker-bash-completion": "20.10.6_ce-6.49.3",
"docker": "20.10.6_ce-6.49.3",
"docker-fish-completion": "20.10.6_ce-6.49.3",
"containerd-ctr": "1.4.4-5.32.1"
}
]
}