114 matches found
SUSE-SU-2024:4205-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. - Further merge docker a...
Photon OS 5.0: Docker PHSA-2024-5.0-0397
An update of the docker package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0397. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
docker-stable-24.0.9_ce-1.1 on GA media (moderate)
docker-stable-24.0.9ce-1.1 on GA media Announcement ID: openSUSE-SU-2024:14446-1 Rating: moderate Cross-References: CVE-2024-41110 CVSS scores: CVE-2024-41110 SUSE : 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...
RHSA-2016:2634 Red Hat Security Advisory: docker security and bug fix update
Bulletin has no description...
RHBA-2014:1977 Red Hat Bug Fix Advisory: docker bug fix and enhancement update
Bulletin has no description...
SUSE-SU-2024:1469-1 Security update for docker
This update for docker fixes the following issues: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 - CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268 - CVE-2024-23653: Fixed insufficient validation on entitlement on...
SUSE-SU-2023:4936-1 Security update for docker, rootlesskit
This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/2407. bsc1217513 Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc1170415...
SUSE-SU-2023:4625-1 Security update for containerd, docker, runc
This update for containerd, docker, runc fixes the following issues: containerd: -Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 docker: - Update to Docker 24.0.7-ce. See upstream changelong online at...
Important: docker
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: docker Issue Correction: Run dnf update docker...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run dnf update docker --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-260 --releasever 2023.1.20230719 to update your system. More information o...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
SUSE-SU-2023:0795-2 Security update for docker
This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/201023 Docker was updated to 20.10.21-ce bsc1206065 See upstream changelog at https://docs.docker.com/engine/release-notes/201021 Security...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
SUSE-SU-2023:1625-1 Security update for docker
This update for docker fixes the following issues: - CVE-2022-36109: Fixed a supplementary group permissions bypass bsc1205375. Update to 20.10.23-ce https://docs.docker.com/engine/release-notes/201023. - drop kubic flavor as kubic is EOL. Update to Docker 20.10.21-ce...
SUSE-SU-2023:0795-1 Security update for docker
This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/201023 Docker was updated to 20.10.21-ce bsc1206065 See upstream changelog at https://docs.docker.com/engine/release-notes/201021 Security...
SUSE-SU-2022:2341-1 Security update for containerd, docker and runc
This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API bsc1200145 docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/201017...
SUSE-SU-2022:2165-1 Security update for containerd
This update for containerd fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API bsc1200145 docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/201017 . bsc1200145 runc...
SUSE-SU-2022:1507-1 Security update for containerd, docker
This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities bsc1197517. - CVE-2022-23648: Fixed directory traversal issue bsc1196441. - CVE-2021-41190: Fixed parsing confusions in OCI manifest and index bsc1193273. -...
CVE-2022-24799 Cross Site Scripting in Wire Webapp
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...