SUSE Linux Enterprise: 2024:3120-1 Critical Update for Buildah and Docker
suse
September 3, 2024
* bsc#1214855 * bsc#1219267 * bsc#1219268 * bsc#1219438 * bsc#1221243
Summary
##
This update for buildah, docker fixes the following issues:
Changes in docker: \- CVE-2024-23651: Fixed arbitrary files write due to race
condition on mounts (bsc#1219267) \- CVE-2024-23652: Fixed insufficient
validation of parent directory on mount (bsc#1219268) \- CVE-2024-23653: Fixed
insufficient validation on entitlement on container creation via buildkit
(bsc#1219438) \- CVE-2024-41110: A Authz zero length regression that could lead
to authentication bypass was fixed (bsc#1228324)
Other fixes:
* Update to Docker 25.0.6-ce. See upstream changelog online at
References
* bsc#1214855
* bsc#1219267
* bsc#1219268
* bsc#1219438
* bsc#1221243
* bsc#1221677
* bsc#1221916
* bsc#1223409
* bsc#1224117
* bsc#1228324
Cross-
* CVE-2024-1753
* CVE-2024-23651
* CVE-2024-23652
* CVE-2024-23653
* CVE-2024-24786
* CVE-2024-28180
* CVE-2024-3727
* CVE-2024-41110
CVSS scores:
* CVE-2024-1753 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23651 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23652 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23653 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2024:3120-1
Rating: critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!