Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2022:2165-1 Important: Fix for Containerd Denial of Service

suse
Calendar Grey June 23, 2022
Dist Suse Esm H88
The most recent SUSE security patch targets two identified vulnerabilities within containerd. Make sure to update your systems immediately.
An update that solves two vulnerabilities and has three fixes is now available

Summary

This update for containerd fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/ . bsc#1200145 runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works

Topics%20covered

Topics Covered

security advisory denial of service SUSE Linux important patch containerd fix

References

#1192051 #1199460 #1199565 #1200088 #1200145

Cross- CVE-2022-29162 CVE-2022-31030

CVSS scores:

CVE-2022-29162 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29162 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2022-31030 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise High Performance Computing 12

SUSE Linux Enterprise Module for Containers 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12

SUSE Linux Enterprise Server for SAP Applications 12-SP3

SUSE Linux Enterprise Server for SAP Applications 12-SP4

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2165-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SUSE Linux important patch containerd fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here