Description
Security update for docker-stable
This update for docker-stable fixes the following issues:
- CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints when credentials are allowed to be set as attribute values in cache-to/cache-from configuration (bsc#1239765)
Other fixes:
- Update to docker-buildx v0.22.0.
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
Package list
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
docker-stable-24.0.9_ce-1.14.1
docker-stable-bash-completion-24.0.9_ce-1.14.1
References
- Link for SUSE-SU-2025:1344-1
- E-Mail link for SUSE-SU-2025:1344-1
- SUSE Security Ratings
- SUSE Bug 1239765
- SUSE CVE CVE-2025-0495 page
Description
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in the BuildKit daemon's history records. This vulnerability does not impact secrets passed to the GitHub cache backend via environment variables or registry authentication.
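A check for the pattern described above, as an added example that is not part of the advisory or of buildx: it scans build command lines for credential attributes set inline in `--cache-to`/`--cache-from`, which is the input that ends up in the traced CLI arguments. The attribute list, function names and sample command lines are assumptions constructed for illustration.

```python
import shlex

# Credential-bearing attributes of BuildKit cache backends (s3, azblob, gha).
# Assumed list for this example; extend it for the backends you use.
SECRET_ATTRS = {"access_key_id", "secret_access_key", "session_token", "token"}
CACHE_FLAGS = ("--cache-to", "--cache-from")

# Constructed sample command lines with placeholder values.
SAMPLE_LINES = [
    "docker buildx build --cache-to type=s3,region=eu-west-1,bucket=ci-cache,"
    "access_key_id=PLACEHOLDER_ID,secret_access_key=PLACEHOLDER_KEY .",
    "docker buildx build --cache-from=type=gha,token=$CACHE_TOKEN .",
    "docker buildx build --cache-to type=registry,ref=registry.example/app:cache .",
]


def cache_specs(argv):
    """Yield (flag, spec) for both '--cache-to spec' and '--cache-to=spec'."""
    for i, arg in enumerate(argv):
        for flag in CACHE_FLAGS:
            if arg == flag and i + 1 < len(argv):
                yield flag, argv[i + 1]
            elif arg.startswith(flag + "="):
                yield flag, arg[len(flag) + 1:]


def inline_secrets(command_line):
    """Return sorted (flag, attribute) pairs where a credential is set inline.

    A shell variable reference is reported as well: the shell expands it
    before buildx starts, so the value still appears in the CLI arguments.
    """
    findings = set()
    for flag, spec in cache_specs(shlex.split(command_line)):
        for field in spec.split(","):
            key, sep, value = field.partition("=")
            if sep and value and key.strip().lower() in SECRET_ATTRS:
                findings.add((flag, key.strip().lower()))
    return sorted(findings)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        for flag, attr in inline_secrets(line):
            print(f"{flag}: '{attr}' is set inline and reaches the CLI arguments")
```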
Affected products
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.14.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.14.1
References
- CVE-2025-0495
- SUSE Bug 1239765