openSUSE: 2021:0878-1 important: containerd, docker, runc
Description
This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). This update was imported from the SUSE:SLE-15:Update update project.
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-878=1
Package List
- openSUSE Leap 15.2 (noarch): docker-bash-completion-20.10.6_ce-lp152.2.12.1 docker-fish-completion-20.10.6_ce-lp152.2.12.1 docker-zsh-completion-20.10.6_ce-lp152.2.12.1 - openSUSE Leap 15.2 (x86_64): containerd-1.4.4-lp152.2.6.1 containerd-ctr-1.4.4-lp152.2.6.1 docker-20.10.6_ce-lp152.2.12.1 docker-debuginfo-20.10.6_ce-lp152.2.12.1 runc-1.0.0~rc93-lp152.2.3.1 runc-debuginfo-1.0.0~rc93-lp152.2.3.1
References
https://www.suse.com/security/cve/CVE-2021-21284.html https://www.suse.com/security/cve/CVE-2021-21285.html https://www.suse.com/security/cve/CVE-2021-21334.html https://www.suse.com/security/cve/CVE-2021-30465.html https://bugzilla.suse.com/1168481 https://bugzilla.suse.com/1175081 https://bugzilla.suse.com/1175821 https://bugzilla.suse.com/1181594 https://bugzilla.suse.com/1181641 https://bugzilla.suse.com/1181677 https://bugzilla.suse.com/1181730 https://bugzilla.suse.com/1181732 https://bugzilla.suse.com/1181749 https://bugzilla.suse.com/1182451 https://bugzilla.suse.com/1182476 https://bugzilla.suse.com/1182947 https://bugzilla.suse.com/1183024 https://bugzilla.suse.com/1183855 https://bugzilla.suse.com/1184768 https://bugzilla.suse.com/1184962 https://bugzilla.suse.com/1185405