Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

openSUSE Leap 15.3: 2021:1954-1 Important Docker and Containerd Fixes

opensuse
Calendar Grey July 10, 2021
Dist Opensuse Esm H88
An update addresses significant vulnerabilities in containerd, docker, and runc for openSUSE Leap 15.3, implementing vital security enhancements.
An update that solves four vulnerabilities and has 13 fixes is now available

Description

This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

* Switch version to use -ce suffix rather than _ce to avoid confusing

other tools (bsc#1182476).

* CVE-2021-21284: Fixed a potential privilege escalation when the root

user in the remapped namespace has access to the host filesystem

(bsc#1181732)

* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image

manifest crashes the dockerd daemon (bsc#1181730).

* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).

* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).

* Fixed /dev/null is not available (bsc#1168481).

* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability

(bsc#1185405).

containerd was updated to v1.4.4

* CVE-2021-21334: Fixed a potential...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory update important openSUSE docker runc containerd

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-1954=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

containerd-1.4.4-5.32.1

containerd-ctr-1.4.4-5.32.1

docker-20.10.6_ce-6.49.3

docker-debuginfo-20.10.6_ce-6.49.3

runc-1.0.0~rc93-1.14.2

runc-debuginfo-1.0.0~rc93-1.14.2

- openSUSE Leap 15.3 (noarch):

docker-bash-completion-20.10.6_ce-6.49.3

docker-fish-completion-20.10.6_ce-6.49.3

docker-zsh-completion-20.10.6_ce-6.49.3

References

https://www.suse.com/security/cve/CVE-2021-21284.html

https://www.suse.com/security/cve/CVE-2021-21285.html

https://www.suse.com/security/cve/CVE-2021-21334.html

https://www.suse.com/security/cve/CVE-2021-30465.html

https://bugzilla.suse.com/1168481

https://bugzilla.suse.com/1175081

https://bugzilla.suse.com/1175821

https://bugzilla.suse.com/1181594

https://bugzilla.suse.com/1181641

https://bugzilla.suse.com/1181677

https://bugzilla.suse.com/1181730

https://bugzilla.suse.com/1181732

https://bugzilla.suse.com/1181749

https://bugzilla.suse.com/1182451

https://bugzilla.suse.com/1182476

https://bugzilla.suse.com/1182947

https://bugzilla.suse.com/1183024

https://bugzilla.suse.com/1183855

https://bugzilla.suse.com/1184768

https://bugzilla.suse.com/1184962

https://bugzilla.suse.com/1185405

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:1954-1
Rating: important
Affected Products: openSUSE Leap 15.3 ble.

Topics%20covered

Topics Covered

security advisory update important openSUSE docker runc containerd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here