
openSUSE Leap 15.2 2021:0278-1 Critical: Docker Privilege Escalation

opensuse
February 12, 2021
An update that solves three vulnerabilities and has 5 fixes is now available

Description

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

- CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969).

- CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)

- CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)

Non-security issues fixed:

- Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).

- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)

- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257....


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-278=1

Package List

- openSUSE Leap 15.2 (x86_64):

containerd-1.3.9-lp152.2.3.1

containerd-ctr-1.3.9-lp152.2.3.1

docker-19.03.15_ce-lp152.2.3.1

docker-debuginfo-19.03.15_ce-lp152.2.3.1

docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1

docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1

docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1

docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1

docker-test-19.03.15_ce-lp152.2.3.1

docker-test-debuginfo-19.03.15_ce-lp152.2.3.1

fish-2.7.1-lp152.5.3.1

fish-debuginfo-2.7.1-lp152.5.3.1

fish-debugsource-2.7.1-lp152.5.3.1

fish-devel-2.7.1-lp152.5.3.1

golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1

- openSUSE Leap 15.2 (noarch):

docker-bash-completion-19.03.15_ce-lp152.2.3.1

docker-fish-completion-19.03.15_ce-lp152.2.3.1

docker-zsh-completion-19.03.15_ce-lp152.2.3.1
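
To confirm after patching that a host carries at least the fixed builds listed above, the following added example (not part of the advisory) compares `rpm -q` output against those versions using a simplified RPM version comparison. The function names and the sample input are constructed for illustration; it assumes no epoch and no `~` or `^` in the version strings.

```python
import re

# Fixed VERSION-RELEASE values copied from the advisory's package list.
FIXED = {
    "containerd": "1.3.9-lp152.2.3.1",
    "docker": "19.03.15_ce-lp152.2.3.1",
    "docker-runc": "1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1",
    "docker-libnetwork": "0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1",
}

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # 9 < 15, unlike plain string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings (epoch assumed absent)."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(rpm_output):
    """Map each advisory package found in the output to True if it is at or above the fix."""
    result = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED:
            result[parts[0]] = evr_cmp(parts[1], FIXED[parts[0]]) >= 0
    return result

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <packages>
SAMPLE = """\
containerd 1.3.9-lp152.2.3.1
docker 19.03.9_ce-lp152.2.1.1
docker-runc 1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1
package docker-libnetwork is not installed
"""

if __name__ == "__main__":
    for name, ok in audit(SAMPLE).items():
        print(f"{name}: {'patched' if ok else 'NEEDS UPDATE'}")
```
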

References

https://www.suse.com/security/cve/CVE-2020-15257.html

https://www.suse.com/security/cve/CVE-2021-21284.html

https://www.suse.com/security/cve/CVE-2021-21285.html

https://bugzilla.suse.com/1174075

https://bugzilla.suse.com/1176708

https://bugzilla.suse.com/1178801

https://bugzilla.suse.com/1178969

https://bugzilla.suse.com/1180243

https://bugzilla.suse.com/1180401

https://bugzilla.suse.com/1181730

https://bugzilla.suse.com/1181732

Severity
critical

Announcement ID: openSUSE-SU-2021:0278-1
Rating: important
Affected Products: openSUSE Leap 15.2
