Overview

File _patchinfo of Package patchinfo.33586

<patchinfo incident="33586">
  <issue tracker="bnc" id="1219438">VUL-0: CVE-2024-23653: buildkit: BuildKit API doesn't validate entitlement on container creation</issue>
  <issue tracker="bnc" id="1223409">[trackerbug] docker 25.0.5 update</issue>
  <issue tracker="bnc" id="1219267">VUL-0: CVE-2024-23651: docker: race condition in mount</issue>
  <issue tracker="bnc" id="1219268">VUL-0: CVE-2024-23652: docker: arbitrary deletion of files</issue>
  <issue tracker="cve" id="2024-23651"/>
  <issue tracker="cve" id="2024-23653"/>
  <issue tracker="cve" id="2024-23652"/>
  <packager>cyphar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for docker</summary>
  <description>This update for docker fixes the following issues:

- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)

Other fixes:
- Update to Docker 25.0.5-ce (bsc#1223409)
</description>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
</patchinfo>
openSUSE Build Service is sponsored by
Places