File _patchinfo of Package patchinfo.36472

<patchinfo incident="36472">
  <issue tracker="bnc" id="1217070">VUL-0: CVE-2023-47108: TRACKERBUG: otelgrpc: DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics</issue>
  <issue tracker="bnc" id="1230294">[trackerbug] docker 26.1.5 update</issue>
  <issue tracker="bnc" id="1229806">CVE-L3: OpenTelemetry-Go related vulnerabilities in dockerd and containerd  [ ref:_00D1igLOd._500TrEscMs:ref ]</issue>
  <issue tracker="bnc" id="1228324">VUL-0: CVE-2024-41110: docker: Authz zero length regression</issue>
  <issue tracker="bnc" id="1230333">docker-buildx: move to be a subpackage of Docker</issue>
  <issue tracker="bnc" id="1228553">VUL-0: CVE-2023-45142: TRACKERBUG: otelhttp,otelhttptrace,otelrestful: DoS vulnerability</issue>
  <issue tracker="bnc" id="1231348">Issues on remount of tmpfs mount/secrets</issue>
  <issue tracker="bnc" id="1230331">docker: add Requires for docker-buildx</issue>
  <issue tracker="bnc" id="1233819">docker-buildx doesn't work with containers-suseconnect</issue>
  <issue tracker="bnc" id="1232999">Issues on Remount of tmpfs for Docker Secrets Directory</issue>

  <issue tracker="cve" id="2023-47108"/>
  <issue tracker="cve" id="2023-45142"/>
  <issue tracker="cve" id="2024-41110"/>
  <packager>cyphar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for docker</summary>
  <description>This update for docker fixes the following issues:

- Update docker-buildx to v0.19.2. See upstream changelog online at
  &lt;https://github.com/docker/buildx/releases/tag/v0.19.2&gt;.

  Some notable changelogs from the last update:
    * &lt;https://github.com/docker/buildx/releases/tag/v0.19.0&gt;
    * &lt;https://github.com/docker/buildx/releases/tag/v0.18.0&gt;

- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
  disable the SUSEConnect integration with Docker (which creates special mounts
  in /run/secrets to allow container-suseconnect to authenticate containers
  with registries on registered hosts). bsc#1231348 bsc#1232999

  In order to disable these mounts, just do

    echo 0 > /etc/docker/suse-secrets-enable

  and restart Docker. In order to re-enable them, just do

    echo 1 > /etc/docker/suse-secrets-enable

  and restart Docker. Docker will output information on startup to tell you
  whether the SUSE secrets feature is enabled or not.

- Disable docker-buildx builds for SLES. It turns out that build containers
  with docker-buildx don't currently get the SUSE secrets mounts applied,
  meaning that container-suseconnect doesn't work when building images.
  bsc#1233819

- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
  sysconfig a long time ago, and apparently this causes issues with systemd in
  some cases.

- Allow a parallel docker-stable RPM to exist in repositories.

- Update to docker-buildx v0.17.1 to match the standalone docker-buildx package
  we are replacing. See upstream changelog online at
  &lt;https://github.com/docker/buildx/releases/tag/v0.17.1&gt;

- Allow users to disable SUSE secrets support by setting
  DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)

- Mark docker-buildx as required since classic "docker build" has been
  deprecated since Docker 23.0. (bsc#1230331)

- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
  package, but with docker-stable it will be necessary to maintain the packages
  together and it makes more sense to have them live in the same OBS package.
  (bsc#1230333)

- Update to Docker 26.1.5-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/26.1/#2615&gt;
  bsc#1230294

- This update includes fixes for:
  * CVE-2024-41110. bsc#1228324
  * CVE-2023-47108. bsc#1217070 bsc#1229806
  * CVE-2023-45142. bsc#1228553 bsc#1229806

- Update to Docker 26.1.4-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/26.1/#2614&gt;

- Update to Docker 26.1.0-ce. See upstream changelog online at
  &lt;https://docs.docker.com/engine/release-notes/26.1/#2610&gt;

- Update --add-runtime to point to correct binary path.</description>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
</patchinfo>