SUSE-SU-2025:20259-1

This update for docker fixes the following issues:

• This update includes fixes for:

  • CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324)
  • CVE-2023-47108: Fixed otelgrpc: DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality (bsc#1217070 bsc#1229806)
  • CVE-2023-45142: Fixed otelhttp,otelhttptrace,otelrestful: DoS vulnerability (bsc#1228553 bsc#1229806)

• Update to Docker 27.5.1-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/27/#2741 bsc#1237335

• Update to docker-buildx 0.20.1. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.20.1

• Update to Docker 27.4.1-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/27/#2741

• Update to docker-buildx 0.19.3. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.19.3

• Update to Docker 27.4.0-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/27/#274

  https://github.com/docker/buildx/releases/tag/v0.19.2.

  Some notable changelogs from the last update:

  • https://github.com/docker/buildx/releases/tag/v0.19.0
  • https://github.com/docker/buildx/releases/tag/v0.18.0

• Update to Go 1.22.

• Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

  In order to disable these mounts, just do

  echo 0 > /etc/docker/suse-secrets-enable

  and restart Docker. In order to re-enable them, just do

  echo 1 > /etc/docker/suse-secrets-enable

  and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.

• Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819

• Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.

• Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at https://github.com/docker/buildx/releases/tag/v0.17.1

• Mark docker-buildx as required since classic "docker build" has been deprecated since Docker 23.0. bsc#1230331

• Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. bsc#1230333

• Update to Docker 26.1.5-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/26.1/#2615 bsc#1230294