SUSE Security Update 2024:2801-2 Critical: Docker Auth Bypass & File Issues
suse
August 7, 2024
* bsc#1214855 * bsc#1219267 * bsc#1219268 * bsc#1219438 * bsc#1221916
Summary
##
RETRACTED: This update for docker fixes the following issues:
* CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts
(bsc#1219267)
* CVE-2024-23652: Fixed insufficient validation of parent directory on mount
(bsc#1219268)
* CVE-2024-23653: Fixed insufficient validation on entitlement on container
creation via buildkit (bsc#1219438)
* CVE-2024-41110: A Authz zero length regression that could lead to
authentication bypass was fixed (bsc#1228324)
Other fixes:
* Update to Docker 25.0.6-ce. See upstream changelog online at
References
* bsc#1214855
* bsc#1219267
* bsc#1219268
* bsc#1219438
* bsc#1221916
* bsc#1223409
* bsc#1228324
Cross-
* CVE-2024-23651
* CVE-2024-23652
* CVE-2024-23653
* CVE-2024-41110
CVSS scores:
* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23651 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23652 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23653 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23653 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* Containers Module 15-SP5
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2024:2801-2
Rating: critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!