SUSE-SU-2023:4936-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234936-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4936-1
Related
Published
2023-12-20T16:18:41Z
Modified
2023-12-20T16:18:41Z
Summary
Security update for docker, rootlesskit
Details

This update for docker, rootlesskit fixes the following issues:

docker:

  • Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513

    • Deny containers access to /sys/devices/virtual/powercap by default.
      • CVE-2020-8694 bsc#1170415
      • CVE-2020-8695 bsc#1170446
      • CVE-2020-12912 bsc#1178760
  • Update to Docker 24.0.6-ce. See upstream changelong online at

    https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323

  • Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141

  • Update to Docker 24.0.5-ce. See upstream changelong online at

    https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229

This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)

rootlesskit:

  • new package, for docker rootless support. (jsc#PED-6180)
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.5 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 15 SP4 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 15 SP4 / rootlesskit

Package

Name
rootlesskit
Purl
purl:rpm/suse/rootlesskit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-150000.1.3.3

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 15 SP5 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 15 SP5 / rootlesskit

Package

Name
rootlesskit
Purl
purl:rpm/suse/rootlesskit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-150000.1.3.3

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4"
        }
    ]
}

openSUSE:Leap Micro 5.3 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=openSUSE%20Leap%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

openSUSE:Leap Micro 5.4 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=openSUSE%20Leap%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker": "24.0.7_ce-150000.190.4"
        }
    ]
}

openSUSE:Leap 15.4 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-zsh-completion": "24.0.7_ce-150000.190.4",
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

openSUSE:Leap 15.4 / rootlesskit

Package

Name
rootlesskit
Purl
purl:rpm/suse/rootlesskit&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-150000.1.3.3

Ecosystem specific

{
    "binaries": [
        {
            "docker-zsh-completion": "24.0.7_ce-150000.190.4",
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

openSUSE:Leap 15.5 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.7_ce-150000.190.4

Ecosystem specific

{
    "binaries": [
        {
            "docker-zsh-completion": "24.0.7_ce-150000.190.4",
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}

openSUSE:Leap 15.5 / rootlesskit

Package

Name
rootlesskit
Purl
purl:rpm/suse/rootlesskit&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-150000.1.3.3

Ecosystem specific

{
    "binaries": [
        {
            "docker-zsh-completion": "24.0.7_ce-150000.190.4",
            "docker-bash-completion": "24.0.7_ce-150000.190.4",
            "docker-rootless-extras": "24.0.7_ce-150000.190.4",
            "docker": "24.0.7_ce-150000.190.4",
            "docker-fish-completion": "24.0.7_ce-150000.190.4",
            "rootlesskit": "1.1.1-150000.1.3.3"
        }
    ]
}