Описание
Security update for libnvidia-container
This update for libnvidia-container fixes the following issues:
Update to version 1.18.0.
Security issues fixed:
- CVE-2024-0132: time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033).
- CVE-2024-0133: data tampering in host file system via specially crafted container image (bsc#1231032).
Other updates and bugfixes:
-
updated to 1.18.0
- Add clock_gettime to allowed syscalls
- Fix pointer accessing local variable out of scope
- Require version match between libnvidia-container-tools and libnvidia-container1
- Add libnvidia-gpucomp.so to the list of compute libs
- Use VERSION_ prefix for version parts in makefiles
- Add additional logging
- Do not discard container flags when --cuda-compat-mode is not specified
- Remove unneeded --no-cntlibs argument from list command
- Add cuda-compat-mode flag to configure command
- Skip files when user has insufficient permissions
- Fix building with Go 1.24
- Add no-cntlibs CLI option to nvidia-container-cli
- Fix always using fallback
- Add fallback for systems without memfd_create()
- Create virtual copy of host ldconfig binary before calling fexecve()
- Fix some typos in text.
-
update nvidia modprobe to expected 550.54.14.
-
remove services
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Module for Containers 15 SP7
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Server 15 SP6-LTSS
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
openSUSE Leap 15.6
libnvidia-container-devel-1.18.0-150200.5.9.1
libnvidia-container-static-1.18.0-150200.5.9.1
libnvidia-container-tools-1.18.0-150200.5.9.1
libnvidia-container1-1.18.0-150200.5.9.1
Ссылки
- Link for SUSE-SU-2026:0558-1
- E-Mail link for SUSE-SU-2026:0558-1
- SUSE Security Ratings
- SUSE Bug 1231032
- SUSE Bug 1231033
- SUSE CVE CVE-2024-0132 page
- SUSE CVE CVE-2024-0133 page
Описание
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container-devel-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container-static-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container-tools-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container1-1.18.0-150200.5.9.1
Ссылки
- CVE-2024-0132
- SUSE Bug 1231033
Описание
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container-devel-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container-static-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container-tools-1.18.0-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libnvidia-container1-1.18.0-150200.5.9.1
Ссылки
- CVE-2024-0133
- SUSE Bug 1231032