products/SUSE_ALP_Standard
9
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Adding patchinfo patchinfo.20240911114904504757.269002615871826

Browse Source
This commit is contained in:
Adrian Schröter 2024-10-14 13:25:07 +02:00
parent afcb3c8d05
commit ce3a2cd4ad
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
patchinfo.20240911114904504757.269002615871826/_patchinfo Normal file
View File

@ -0,0 +1,43 @@
<patchinfo>
<!-- generated from request(s) 344279 -->
<issue tracker="bnc" id="1210141">docker.socket systemd configurations dosn't exist</issue>
<issue tracker="bnc" id="1214855">umarshalling volume options for volume: unexpected end of JSON input</issue>
<issue tracker="bnc" id="1215323">[trackerbug] docker 24.0.6-ce update</issue>
<issue tracker="bnc" id="1217513">VUL-0: docker: mitigate power-based side channel attacks (advisory GHSA-jq35-85cj-fj4p)</issue>
<issue tracker="bnc" id="1219267">VUL-0: CVE-2024-23651: docker: race condition in mount</issue>
<issue tracker="bnc" id="1219268">VUL-0: CVE-2024-23652: docker: arbitrary deletion of files</issue>
<issue tracker="bnc" id="1219438">VUL-0: CVE-2024-23653: buildkit: BuildKit API doesn't validate entitlement on container creation</issue>
<issue tracker="bnc" id="1220339">docker-24.0.7 makes docker overlay files world writable [ref:_00D1igLOd._500Tr634Oc:ref]</issue>
<issue tracker="bnc" id="1221916">L3: SLES15-SP4: Docker buildx build fails to COPY from build stage using nested links</issue>
<issue tracker="bnc" id="1223409">[trackerbug] docker 25.0.5 update</issue>
<issue tracker="bnc" id="1228324">VUL-0: CVE-2024-41110: docker: Authz zero length regression</issue>
<issue tracker="cve" id="2024-23651"/>
<issue tracker="cve" id="2024-23652"/>
<issue tracker="cve" id="2024-23653"/>
<issue tracker="cve" id="2024-41110"/>
<packager>cyphar</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for docker</summary>
<description>This update for docker fixes the following issues:
Security fixes:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other changes:
- Update to Docker 25.0.6-ce.
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
- Fixed world writable docker overlay files (bsc#1220339)
</description>
<package>docker</package>
<message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
<seperate_build_arch/>
</patchinfo>