SUSE: 2023:0885-1 Moderate: Docker Security Enhancement Summary
suse
March 9, 2022
An update that fixes three vulnerabilities, contains one feature is now available
Summary
This update for buildah fixes the following issues: buildah was updated to version 1.23.1: Update to version 1.22.3: * Update dependencies * Post-branch commit * Accept repositories on login/logout Update to version 1.22.0: * c/image, c/storage, c/common vendor before Podman 3.3 release * Proposed patch for 3399 (shadowutils) * Fix handling of --restore shadow-utils * runtime-flag (debug) test: handle old & new runc * Allow dst and destination for target in secret mounts * Multi-arch: Always push updated version-tagged img * imagebuildah.stageExecutor.prepare(): remove pseudonym check * refine dangling filter * Chown with environment variables not set should fail * Just restore protections of shadow-utils * Remove specific kernel version number requirement from install.md
Topics Covered
References
#1187812 #1192999 SLE-23503
Cross- CVE-2019-10214 CVE-2020-10696 CVE-2021-20206
CVSS scores:
CVE-2019-10214 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2019-10214 (SUSE): 9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy...
Read the Full Advisory
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2022:0770-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!