Overview

File _patchinfo of Package patchinfo.34933

<patchinfo incident="34933">
  <issue tracker="cve" id="2024-41110"/>
  <issue tracker="bnc" id="1228324">VUL-0: CVE-2024-41110: docker: Authz zero length regression</issue>
  <issue tracker="bnc" id="1214855">umarshalling volume options for volume: unexpected end of JSON input</issue>
  <issue tracker="bnc" id="1221916">L3: SLES15-SP4: Docker buildx build fails to COPY from build stage using nested links</issue>
  <packager>cyphar</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for docker</summary>
  <description>This update for docker fixes the following issues:

- Update to Docker 25.0.6-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/25.0/#2506&gt;

- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
  symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
  future Docker starts failing due to empty files. (bsc#1214855)
</description>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
</patchinfo>
openSUSE Build Service is sponsored by
Places