SUSE-SU-2024:4205-1: moderate: Security update for docker-stable

SLE-SECURITY-UPDATES null at suse.de
Thu Dec 5 16:31:06 UTC 2024 


# Security update for docker-stable

Announcement ID: SUSE-SU-2024:4205-1  
Release Date: 2024-12-05T14:58:05Z  
Rating: moderate  
References:

  * bsc#1214855
  * bsc#1221916
  * bsc#1228324
  * bsc#1230331
  * bsc#1230333
  * bsc#1231348
  * jsc#PED-11185
  * jsc#PED-8585

  
Cross-References:

  * CVE-2024-41110

  
CVSS scores:

  * CVE-2024-41110 ( SUSE ):  9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves one vulnerability, contains two features and has five
security fixes can now be installed.

## Description:

This update for docker-stable fixes the following issues:

  * Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
    sysconfig a long time ago, and apparently this causes issues with systemd in
    some cases.
  * Update --add-runtime to point to correct binary path.

  * Further merge docker and docker-stable specfiles to minimise the
    differences. The main thing is that we now include both halves of the
    Conflicts/Provides/Obsoletes dance in both specfiles.

  * Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
    are replacing. See upstream changelog online at
    <https://github.com/docker/buildx/releases/tag/v0.17.1>

  * Allow users to disable SUSE secrets support by setting
    DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348

  * Import specfile changes for docker-buildx as well as the changes to help
    reduce specfile differences between docker-stable and docker. bsc#1230331
    bsc#1230333

  * Backport patch for CVE-2024-41110. bsc#1228324

  * Initial docker-stable release, forked from Docker 24.0.6-ce release
    (packaged on 2023-10-11).

  * Update to Docker 24.0.9-ce, which is the latest version of the 24.0.x
    branch. It seems likely this will be the last upstream version of the 24.0.x
    branch (it seems Mirantis is going to do LTS for 23.0.x, not 24.0.x).
    <https://docs.docker.com/engine/release-notes/24.0/#2409>

  * Fix BuildKit's symlink resolution logic to correctly handle non-lexical
    symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
    <https://github.com/moby/buildkit/pull/5060>. bsc#1221916
  * Write volume options atomically so sudden system crashes won't result in
    future Docker starts failing due to empty files. Backport of
    <https://github.com/moby/moby/pull/48034>. bsc#1214855

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-4205=1

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4205=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * docker-stable-24.0.9_ce-1.5.1
    * docker-stable-debuginfo-24.0.9_ce-1.5.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * docker-stable-bash-completion-24.0.9_ce-1.5.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * docker-stable-24.0.9_ce-1.5.1
    * docker-stable-debuginfo-24.0.9_ce-1.5.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * docker-stable-bash-completion-24.0.9_ce-1.5.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-41110.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214855
  * https://bugzilla.suse.com/show_bug.cgi?id=1221916
  * https://bugzilla.suse.com/show_bug.cgi?id=1228324
  * https://bugzilla.suse.com/show_bug.cgi?id=1230331
  * https://bugzilla.suse.com/show_bug.cgi?id=1230333
  * https://bugzilla.suse.com/show_bug.cgi?id=1231348
  * https://jira.suse.com/browse/PED-11185
  * https://jira.suse.com/browse/PED-8585

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20241205/b2646746/attachment.htm>

More information about the sle-security-updates mailing list