Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:1507-1 Important: Containerd and Docker Security Fix

suse
Calendar Grey May 3, 2022
Dist Suse Esm H88
OVHcloud announces significant patch for Kubernetes and Docker, addressing various vulnerabilities and high-severity bugs thoroughly.
An update that solves 5 vulnerabilities and has one errata is now available

Summary

This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2021-41190: Fixed parsing confusions in OCI manifest and index (bsc#1193273). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-1507=1

Topics%20covered

Topics Covered

security advisory patch critical flaw SUSE important update docker containerd

References

#1192814 #1193273 #1193930 #1196441 #1197284

#1197517

Cross- CVE-2021-41190 CVE-2021-43565 CVE-2022-23648

CVE-2022-24769 CVE-2022-27191

CVSS scores:

CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CVE-2021-43565 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23648 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-24769 (NVD) : 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2022-24769 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1507-1
Rating: important

Topics%20covered

Topics Covered

security advisory patch critical flaw SUSE important update docker containerd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here