Security update for docker

Announcement ID:	SUSE-SU-2025:20110-1
Release Date:	2025-02-03T09:19:38Z
Rating:	critical
References:	bsc#1217070 bsc#1228324 bsc#1228553 bsc#1229806 bsc#1230294 bsc#1230331 bsc#1230333 bsc#1231348 bsc#1232999 bsc#1233819
Cross-References:	CVE-2023-45142 CVE-2023-47108 CVE-2024-41110
CVSS scores:	CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-47108 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-47108 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:	SUSE Linux Micro 6.0

An update that solves three vulnerabilities and has seven fixes can now be installed.

Description:

This update for docker fixes the following issues:

• Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>.

Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0>

• Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

In order to disable these mounts, just do

echo 0 > /etc/docker/suse-secrets-enable

and restart Docker. In order to re-enable them, just do

echo 1 > /etc/docker/suse-secrets-enable

and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.

• Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.

• Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.17.1>

• Add %{_sysconfdir}/audit/rules.d to filelist.

• Update to Docker 26.1.5-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2615> bsc#1230294

• This update includes fixes for:
• CVE-2024-41110. bsc#1228324
• CVE-2023-47108. bsc#1217070
• CVE-2023-45142. bsc#1228553

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-169=1

Package List:

• SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  • docker-26.1.5_ce-1.1
  • docker-debuginfo-26.1.5_ce-1.1

References:

• https://www.suse.com/security/cve/CVE-2023-45142.html
• https://www.suse.com/security/cve/CVE-2023-47108.html
• https://www.suse.com/security/cve/CVE-2024-41110.html
• https://bugzilla.suse.com/show_bug.cgi?id=1217070
• https://bugzilla.suse.com/show_bug.cgi?id=1228324
• https://bugzilla.suse.com/show_bug.cgi?id=1228553
• https://bugzilla.suse.com/show_bug.cgi?id=1229806
• https://bugzilla.suse.com/show_bug.cgi?id=1230294
• https://bugzilla.suse.com/show_bug.cgi?id=1230331
• https://bugzilla.suse.com/show_bug.cgi?id=1230333
• https://bugzilla.suse.com/show_bug.cgi?id=1231348
• https://bugzilla.suse.com/show_bug.cgi?id=1232999
• https://bugzilla.suse.com/show_bug.cgi?id=1233819