Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4625-1

Опубликовано: 01 дек. 2023
Источник: suse-cvrf

Описание

Security update for containerd, docker, runc

This update for containerd, docker, runc fixes the following issues:

containerd:

-Update to containerd v1.7.8. Upstream release notes:

https://github.com/containerd/containerd/releases/tag/v1.7.8

docker:

  • Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407 (bsc#1217513)
    • Deny containers access to /sys/devices/virtual/powercap by default.
      • CVE-2020-8694 bsc#1170415
      • CVE-2020-8695 bsc#1170446
      • CVE-2020-12912 bsc#1178760

runc:

Список пакетов

Image SLES12-SP5-Azure-Basic-On-Demand
containerd-1.7.8-16.88.1
docker-24.0.7_ce-98.103.1
runc-1.1.10-16.40.1
Image SLES12-SP5-Azure-Standard-On-Demand
containerd-1.7.8-16.88.1
docker-24.0.7_ce-98.103.1
runc-1.1.10-16.40.1
Image SLES12-SP5-EC2-ECS-On-Demand
containerd-1.7.8-16.88.1
docker-24.0.7_ce-98.103.1
runc-1.1.10-16.40.1
Image SLES12-SP5-EC2-On-Demand
containerd-1.7.8-16.88.1
docker-24.0.7_ce-98.103.1
runc-1.1.10-16.40.1
Image SLES12-SP5-GCE-On-Demand
containerd-1.7.8-16.88.1
docker-24.0.7_ce-98.103.1
runc-1.1.10-16.40.1
SUSE Linux Enterprise Module for Containers 12
containerd-1.7.8-16.88.1
docker-24.0.7_ce-98.103.1
runc-1.1.10-16.40.1

Ссылки

Описание

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

Затронутые продукты
Image SLES12-SP5-Azure-Basic-On-Demand:containerd-1.7.8-16.88.1
Image SLES12-SP5-Azure-Basic-On-Demand:docker-24.0.7_ce-98.103.1
Image SLES12-SP5-Azure-Basic-On-Demand:runc-1.1.10-16.40.1
Image SLES12-SP5-Azure-Standard-On-Demand:containerd-1.7.8-16.88.1
Ссылки

Описание

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES12-SP5-Azure-Basic-On-Demand:containerd-1.7.8-16.88.1
Image SLES12-SP5-Azure-Basic-On-Demand:docker-24.0.7_ce-98.103.1
Image SLES12-SP5-Azure-Basic-On-Demand:runc-1.1.10-16.40.1
Image SLES12-SP5-Azure-Standard-On-Demand:containerd-1.7.8-16.88.1
Ссылки

Описание

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Затронутые продукты
Image SLES12-SP5-Azure-Basic-On-Demand:containerd-1.7.8-16.88.1
Image SLES12-SP5-Azure-Basic-On-Demand:docker-24.0.7_ce-98.103.1
Image SLES12-SP5-Azure-Basic-On-Demand:runc-1.1.10-16.40.1
Image SLES12-SP5-Azure-Standard-On-Demand:containerd-1.7.8-16.88.1
Ссылки
Уязвимость SUSE-SU-2023:4625-1