SUSE-SU-2024:3120-1

Published: 03 Sep 2024
Source: suse-cvrf

Description

Security update for buildah, docker

This update for buildah, docker fixes the following issues:

Changes in docker:

  • CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
  • CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
  • CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
  • CVE-2024-41110: An AuthZ zero-length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

  • Update to Docker 25.0.6-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/25.0/#2506

  • Update to Docker 25.0.5-ce (bsc#1223409)

  • Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)

  • Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

  • Update to version 1.35.4:

    • [release-1.35] Bump to Buildah v1.35.4
    • [release-1.35] CVE-2024-3727 updates (bsc#1224117)
    • integration test: handle new labels in 'bud and test --unsetlabel'
    • [release-1.35] Bump go-jose CVE-2024-28180
    • [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
  • Update to version 1.35.3:

    • [release-1.35] Bump to Buildah v1.35.3
    • [release-1.35] correctly configure /etc/hosts and resolv.conf
    • [release-1.35] buildah: refactor resolv/hosts setup.
    • [release-1.35] rename the hostFile var to reflect
    • [release-1.35] Bump c/common to v0.58.1
    • [release-1.35] Bump Buildah to v1.35.2
    • [release-1.35] CVE-2024-24786 protobuf to 1.33
    • [release-1.35] Bump to v1.35.2-dev
  • Update to version 1.35.1:

    • [release-1.35] Bump to v1.35.1
    • [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
  • Buildah dropped cni support, require netavark instead (bsc#1221243)

  • Remove obsolete requires libcontainers-image & libcontainers-storage

  • Require passt for rootless networking (poo#156955). Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)

  • Update to version 1.35.0:

    • Bump v1.35.0
    • Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
    • conformance tests: don't break on trailing zeroes in layer blobs
    • Add a conformance test for copying to a mounted prior stage
    • fix(deps): update module github.com/stretchr/testify to v1.9.0
    • cgroups: reuse version check from c/common
    • Update vendor of containers/(common,image)
    • fix(deps): update github.com/containers/storage digest to eadc620
    • fix(deps): update github.com/containers/luksy digest to ceb12d4
    • fix(deps): update github.com/containers/image/v5 digest to cdc6802
    • manifest add: complain if we get artifact flags without --artifact
    • Use retry logic from containers/common
    • Vendor in containers/(storage,image,common)
    • Update module golang.org/x/crypto to v0.20.0
    • Add comment re: Total Success task name
    • tests: skip_if_no_unshare(): check for --setuid
    • Properly handle build --pull=false
    • [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
    • Update module go.etcd.io/bbolt to v1.3.9
    • Revert 'Reduce official image size'
    • Update module github.com/opencontainers/image-spec to v1.1.0
    • Reduce official image size
    • Build with CNI support on FreeBSD
    • build --all-platforms: skip some base 'image' platforms
    • Bump main to v1.35.0-dev
    • Vendor in latest containers/(storage,image,common)
    • Split up error messages for missing --sbom related flags
    • buildah manifest: add artifact-related options
    • cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
    • cmd/buildah/manifest.go: don't make struct declarations aliases
    • Use golang.org/x/exp/slices.Contains
    • Disable loong64 again
    • Fix a couple of typos in one-line comments
    • egrep is obsolescent; use grep -E
    • Try Cirrus with a newer VM version
    • Set CONTAINERS_CONF in the chroot-mount-flags integration test
    • Update to match dependency API update
    • Update github.com/openshift/imagebuilder and containers/common
    • docs: correct default authfile path
    • fix(deps): update module github.com/containerd/containerd to v1.7.13
    • tests: retrofit test for heredoc summary
    • build, heredoc: show heredoc summary in build output
    • manifest, push: add support for --retry and --retry-delay
    • fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
    • imagebuildah: fix crash with empty RUN
    • fix(deps): update github.com/containers/luksy digest to b62d551
    • fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
    • fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
    • Make buildah match podman for handling of ulimits
    • docs: move footnotes to where they're applicable
    • Allow users to specify no-dereference
    • Run codespell on code
    • Fix FreeBSD version parsing
    • Fix a build break on FreeBSD
    • Remove a bad FROM line
    • fix(deps): update module github.com/onsi/gomega to v1.31.1
    • fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
    • docs: use reversed logo for dark theme in README
    • build,commit: add --sbom to scan and produce SBOMs when committing
    • commit: force omitHistory if the parent has layers but no history
    • docs: fix a couple of typos
    • internal/mkcw.Archive(): handle extra image content
    • stage_executor,heredoc: honor interpreter in heredoc
    • stage_executor,layers: burst cache if heredoc content is changed
    • fix(deps): update module golang.org/x/crypto to v0.18.0
    • Replace map[K]bool with map[K]struct{} where it makes sense
    • fix(deps): update module golang.org/x/sync to v0.6.0
    • fix(deps): update module golang.org/x/term to v0.16.0
    • Bump CI VMs
    • Replace strings.SplitN with strings.Cut
    • fix(deps): update github.com/containers/storage digest to ef81e9b
    • fix(deps): update github.com/containers/image/v5 digest to 1b221d4
    • fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
    • Document use of containers-transports values in buildah
    • fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
    • chore(deps): update dependency containers/automation_images to v20231208
    • manifest: addCompression use default from containers.conf
    • commit: add a --add-file flag
    • mkcw: populate the rootfs using an overlay
    • chore(deps): update dependency containers/automation_images to v20230517
    • [skip-ci] Update actions/stale action to v9
    • fix(deps): update module github.com/containernetworking/plugins to v1.4.0
    • fix(deps): update github.com/containers/image/v5 digest to 7a40fee
    • Bump to v1.34.1-dev
    • Ignore errors if label.Relabel returns ENOSUP

Package list

Image SLES15-SP3-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-HPC-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-HPC-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-SAP-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-SAP-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-SAPCAL-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-SAPCAL-EC2-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-SAPCAL-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-CHOST-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-CHOST-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-CHOST-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-CHOST-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-HPC-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-HPC-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-HPC-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-HPC-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-HPC-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-HPC-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Hardened-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Hardened-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Hardened-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Hardened-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-3
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-3-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-3-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-Micro-5-4-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAP-Hardened-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAPCAL
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAPCAL-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAPCAL-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP4-SAPCAL-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Azure-3P
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Azure-Basic
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Azure-Standard
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-CHOST-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-CHOST-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-CHOST-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-CHOST-BYOS-GDC
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-HPC-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-HPC-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-HPC-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-HPC-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Hardened-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Hardened-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Hardened-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-Micro-5-5-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-Azure-3P
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-Hardened-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAP-Hardened-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAPCAL-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAPCAL-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP5-SAPCAL-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-Azure-Basic
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-Azure-Standard
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS-GDC
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-EC2-ECS-HVM
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-HPC-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-Hardened-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-Hardened-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-Hardened-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-Hardened-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-BYOS
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAP-Hardened-GCE
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAPCAL
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAPCAL-Azure
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAPCAL-EC2
docker-25.0.6_ce-150000.207.1
Image SLES15-SP6-SAPCAL-GCE
docker-25.0.6_ce-150000.207.1
SUSE Enterprise Storage 7.1
buildah-1.35.4-150300.8.25.1
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-fish-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
buildah-1.35.4-150300.8.25.1
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-fish-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Micro 5.1
docker-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Micro 5.2
docker-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Micro 5.3
docker-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Micro 5.4
docker-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Micro 5.5
docker-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Module for Containers 15 SP5
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Module for Containers 15 SP6
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Server 15 SP2-LTSS
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Server 15 SP3-LTSS
buildah-1.35.4-150300.8.25.1
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-fish-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Server 15 SP4-LTSS
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
buildah-1.35.4-150300.8.25.1
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-fish-completion-25.0.6_ce-150000.207.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
openSUSE Leap 15.5
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-fish-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
docker-zsh-completion-25.0.6_ce-150000.207.1
openSUSE Leap 15.6
docker-25.0.6_ce-150000.207.1
docker-bash-completion-25.0.6_ce-150000.207.1
docker-fish-completion-25.0.6_ce-150000.207.1
docker-rootless-extras-25.0.6_ce-150000.207.1
docker-zsh-completion-25.0.6_ce-150000.207.1
openSUSE Leap Micro 5.5
docker-25.0.6_ce-150000.207.1

Description

A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel and sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using a BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing the RUN --mount feature.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if the special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5. Avoid using BuildKit frontends from untrusted sources.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

Package jose aims to provide an implementation of the JavaScript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
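The size rule described above, sketched as an added example (this is not go-jose's own code): a bounded inflate that rejects output larger than the greater of 250kB and 10x the compressed size. The names `boundedInflate`, `outputLimit` and `errTooLarge` are hypothetical, 250kB is assumed to mean 250,000 bytes, and the sample inputs are constructed in place.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// errTooLarge is returned when inflating would exceed the output cap.
var errTooLarge = errors.New("decompressed data exceeds allowed size")

// minLimit is the 250kB floor from the advisory text
// (assumption: interpreted here as 250,000 bytes).
const minLimit = 250 * 1000

// outputLimit returns the larger of 250kB and 10x the compressed size.
func outputLimit(compressedLen int) int64 {
	limit := int64(compressedLen) * 10
	if limit < minLimit {
		limit = minLimit
	}
	return limit
}

// boundedInflate inflates raw DEFLATE data (the compression JWE uses for
// "zip":"DEF") and stops as soon as the output would pass outputLimit,
// so memory and CPU use stay proportional to the input.
func boundedInflate(compressed []byte) ([]byte, error) {
	limit := outputLimit(len(compressed))
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()

	// Read at most limit+1 bytes: the extra byte distinguishes
	// "exactly at the limit" from "over the limit".
	var out bytes.Buffer
	n, err := io.Copy(&out, io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if n > limit {
		return nil, errTooLarge
	}
	return out.Bytes(), nil
}

// deflate builds constructed sample input for the demonstration.
func deflate(plain []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(plain)
	w.Close()
	return buf.Bytes()
}

func main() {
	// Constructed inputs: a small payload and a highly compressible 5 MB one.
	small := deflate(bytes.Repeat([]byte("claims "), 100))
	large := deflate(make([]byte, 5_000_000))

	for _, in := range [][]byte{small, large} {
		out, err := boundedInflate(in)
		fmt.Printf("compressed=%d limit=%d inflated=%d err=%v\n",
			len(in), outputLimit(len(in)), len(out), err)
	}
}
```
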


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References

Description

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.


Affected products
Image SLES15-SP3-BYOS-Azure:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-EC2-HVM:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-BYOS-GCE:docker-25.0.6_ce-150000.207.1
Image SLES15-SP3-CHOST-BYOS-Aliyun:docker-25.0.6_ce-150000.207.1

References