patchinfo.16502 - openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Security update for containerd, docker, runc

This update for containerd, docker, runc fixes the following issues:

Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

* Switch version to use -ce suffix rather than _ce to avoid confusing other
tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in
the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest
crashes the dockerd daemon (bsc#1181730).
* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).

* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).

containerd was updated to v1.4.4

* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).

This update was imported from the SUSE:SLE-15:Update update project.

Submitted by Aleksa Sarai (cyphar)

Message

Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?

Fixed bugs

Since glibc 2.33 testing for execute permission does not work

Update podman to 2.0.x release

After docker update, containerd-shim-runc-v2 cannot find "runc" binary

Docker wrong SemVer version string

[trackerbug] Docker 20.10.6 update

VUL-1: CVE-2021-21284: docker: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem

/dev/null not accessable in containers

remove docker-runc and docker-proxy packages plus unneeded -kubic flavours

[trackerbug] Docker 20.10.2 update

Cannot update containerd due to incorrect runc dependency

Docker on btrfs disables quotas globally

containerd is unusable without containerd-shim-runc-v[1,2] [ref:_00D1igLOd._5001iaDwwW:ref]

When stopping docker btrfs quotas are removed

VUL-0: CVE-2021-21285: docker: pulling a malformed Docker image manifest crashes the dockerd daemon

podman and glibc 2.33 don't play together

[trackerbug] Docker 20.10.5 update

VUL-0: CVE-2021-21334: containerd: potential information leak through environment variables

VUL-0: EMBARGOED: CVE-2021-30465: runc: vulnerable to symlink-exchange attack

Selected Binaries

openSUSE Build Service is sponsored by