Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE Linux Enterprise: 2022:2341-1 Critical Denial Of Service Fix

suse
Calendar Grey July 8, 2022
Dist Suse Esm H88
A vital update from SUSE tackles several significant vulnerabilities found in containerd and Docker. Discover further details about this advisory.
An update that solves two vulnerabilities and has three fixes is now available

Summary

This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/25.0/. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works

Topics%20covered

Topics Covered

security advisory critical issue DoS SUSE docker containerd

References

#1192051 #1199460 #1199565 #1200088 #1200145

Cross- CVE-2022-29162 CVE-2022-31030

CVSS scores:

CVE-2022-29162 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29162 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2022-31030 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Enterprise Storage 7

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2341-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical issue DoS SUSE docker containerd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here