SUSE-SU-2024:4360-1

Опубликовано: 17 дек. 2024

Источник: suse-cvrf

Описание

Security update for docker

This update for docker fixes the following issues:

Update docker-buildx to v0.19.2. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.19.2.

Some notable changelogs from the last update:
- https://github.com/docker/buildx/releases/tag/v0.19.0
- https://github.com/docker/buildx/releases/tag/v0.18.0
Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

In order to disable these mounts, just do

echo 0 > /etc/docker/suse-secrets-enable

and restart Docker. In order to re-enable them, just do

echo 1 > /etc/docker/suse-secrets-enable

and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.
Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819
Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.
Allow a parallel docker-stable RPM to exists in repositories.
Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.17.1
Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331)
Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333)
Update to Docker 26.1.5-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2615 bsc#1230294
This update includes fixes for:
- CVE-2024-41110. bsc#1228324
- CVE-2023-47108. bsc#1217070 bsc#1229806
- CVE-2023-45142. bsc#1228553 bsc#1229806
Update to Docker 26.1.4-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2614
Update to Docker 26.1.0-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2610
Update --add-runtime to point to correct binary path.

Список пакетов

Image SLES15-SP3-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-EC2-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-HPC-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-HPC-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-SAP-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-SAP-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-SAPCAL-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-SAPCAL-EC2-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-SAPCAL-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-HPC-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-HPC-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-HPC-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-HPC-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-HPC-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-HPC-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Hardened-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Hardened-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Hardened-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Hardened-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-3

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-3-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-3-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-3-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-3-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-3-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-Micro-5-4-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAP-Hardened-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAPCAL

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAPCAL-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAPCAL-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP4-SAPCAL-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Azure-3P

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Azure-Basic

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Azure-Standard

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-CHOST-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-CHOST-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-CHOST-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-CHOST-BYOS-GDC

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-HPC-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-HPC-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-HPC-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-HPC-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Hardened-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Hardened-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Hardened-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-Micro-5-5-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-Azure-3P

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-Hardened-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAP-Hardened-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAPCAL-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAPCAL-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP5-SAPCAL-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-Azure-Basic

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-Azure-Standard

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS-Aliyun

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS-GDC

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-EC2-ECS-HVM

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-HPC-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-Hardened-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-Hardened-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-Hardened-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-Hardened-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-BYOS

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAP-Hardened-GCE

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAPCAL

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAPCAL-Azure

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAPCAL-EC2

docker-26.1.5_ce-150000.212.1

Image SLES15-SP6-SAPCAL-GCE

docker-26.1.5_ce-150000.212.1

SUSE Enterprise Storage 7.1

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-fish-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-fish-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Micro 5.1

docker-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Micro 5.2

docker-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Micro 5.3

docker-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Micro 5.4

docker-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Micro 5.5

docker-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Module for Containers 15 SP5

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Module for Containers 15 SP6

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Server 15 SP2-LTSS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Server 15 SP3-LTSS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-fish-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Server 15 SP4-LTSS

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-fish-completion-26.1.5_ce-150000.212.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

openSUSE Leap 15.5

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-fish-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

docker-zsh-completion-26.1.5_ce-150000.212.1

openSUSE Leap 15.6

docker-26.1.5_ce-150000.212.1

docker-bash-completion-26.1.5_ce-150000.212.1

docker-fish-completion-26.1.5_ce-150000.212.1

docker-rootless-extras-26.1.5_ce-150000.212.1

docker-zsh-completion-26.1.5_ce-150000.212.1

openSUSE Leap Micro 5.5

docker-26.1.5_ce-150000.212.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244360-1/
Link for SUSE-SU-2024:4360-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/020020.html
E-Mail link for SUSE-SU-2024:4360-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1217070
SUSE Bug 1217070
https://bugzilla.suse.com/1228324
SUSE Bug 1228324
https://bugzilla.suse.com/1228553
SUSE Bug 1228553
https://bugzilla.suse.com/1229806
SUSE Bug 1229806
https://bugzilla.suse.com/1230294
SUSE Bug 1230294
https://bugzilla.suse.com/1230331
SUSE Bug 1230331
https://bugzilla.suse.com/1230333
SUSE Bug 1230333
https://bugzilla.suse.com/1231348
SUSE Bug 1231348
https://bugzilla.suse.com/1232999
SUSE Bug 1232999
https://bugzilla.suse.com/1233819
SUSE Bug 1233819
https://www.suse.com/security/cve/CVE-2023-45142/
SUSE CVE CVE-2023-45142 page
https://www.suse.com/security/cve/CVE-2023-47108/
SUSE CVE CVE-2023-47108 page
https://www.suse.com/security/cve/CVE-2024-41110/
SUSE CVE CVE-2024-41110 page

Описание

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-EC2-HVM:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-GCE:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-HPC-BYOS-Azure:docker-26.1.5_ce-150000.212.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45142.html
CVE-2023-45142
https://bugzilla.suse.com/1228553
SUSE Bug 1228553

Описание

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-EC2-HVM:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-GCE:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-HPC-BYOS-Azure:docker-26.1.5_ce-150000.212.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-47108.html
CVE-2023-47108
https://bugzilla.suse.com/1217070
SUSE Bug 1217070

Описание

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-EC2-HVM:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-BYOS-GCE:docker-26.1.5_ce-150000.212.1

Image SLES15-SP3-HPC-BYOS-Azure:docker-26.1.5_ce-150000.212.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41110.html
CVE-2024-41110
https://bugzilla.suse.com/1228324
SUSE Bug 1228324