# Security update for docker-stable

Announcement ID: SUSE-SU-2024:4205-1  
Release Date: 2024-12-05T14:58:05Z  
Rating: moderate  
References:

  * bsc#1214855
  * bsc#1221916
  * bsc#1228324
  * bsc#1230331
  * bsc#1230333
  * bsc#1231348
  * jsc#PED-11185
  * jsc#PED-8585

  
Cross-References:

  * CVE-2024-41110

  
CVSS scores:

  * CVE-2024-41110 ( SUSE ):  9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves one vulnerability, contains two features and has five
security fixes can now be installed.

## Description:

This update for docker-stable fixes the following issues:

  * Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
    sysconfig a long time ago, and apparently this causes issues with systemd in
    some cases.
  * Update --add-runtime to point to correct binary path.

  * Further merge docker and docker-stable specfiles to minimise the
    differences. The main thing is that we now include both halves of the
    Conflicts/Provides/Obsoletes dance in both specfiles.

  * Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
    are replacing. See upstream changelog online at
    

  * Allow users to disable SUSE secrets support by setting
    DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348

  * Import specfile changes for docker-buildx as well as the changes to help
    reduce specfile differences between docker-stable and docker. bsc#1230331
    bsc#1230333

  * Backport patch for CVE-2024-41110. bsc#1228324

  * Initial docker-stable release, forked from Docker 24.0.6-ce release
    (packaged on 2023-10-11).

  * Update to Docker 24.0.9-ce, which is the latest version of the 24.0.x
    branch. It seems likely this will be the last upstream version of the 24.0.x
    branch (it seems Mirantis is going to do LTS for 23.0.x, not 24.0.x).
    

  * Fix BuildKit's symlink resolution logic to correctly handle non-lexical
    symlinks. Backport of  and
    . bsc#1221916
  * Write volume options atomically so sudden system crashes won't result in
    future Docker starts failing due to empty files. Backport of
    . bsc#1214855

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-4205=1

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4205=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * docker-stable-24.0.9_ce-1.5.1
    * docker-stable-debuginfo-24.0.9_ce-1.5.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
    * docker-stable-bash-completion-24.0.9_ce-1.5.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * docker-stable-24.0.9_ce-1.5.1
    * docker-stable-debuginfo-24.0.9_ce-1.5.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
    * docker-stable-bash-completion-24.0.9_ce-1.5.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-41110.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214855
  * https://bugzilla.suse.com/show_bug.cgi?id=1221916
  * https://bugzilla.suse.com/show_bug.cgi?id=1228324
  * https://bugzilla.suse.com/show_bug.cgi?id=1230331
  * https://bugzilla.suse.com/show_bug.cgi?id=1230333
  * https://bugzilla.suse.com/show_bug.cgi?id=1231348
  * https://jira.suse.com/browse/PED-11185
  * https://jira.suse.com/browse/PED-8585

SUSE: 2024:4205-1 moderate: docker-stable Security Advisory Updates

December 5, 2024
* bsc#1214855 * bsc#1221916 * bsc#1228324 * bsc#1230331 * bsc#1230333

Summary

## This update for docker-stable fixes the following issues: * Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. * Update --add-runtime to point to correct binary path. * Further merge docker and docker-stable specfiles to minimise the differences. The main thing is that we now include both halves of the Conflicts/Provides/Obsoletes dance in both specfiles. * Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at * Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348 * Import specfile changes for docker-buildx as well as the changes to help reduce specfile differences between docker-stable and docker. bsc#1230331 bsc#1230333 * Backport patch for CVE-2024-41110. bsc#1228324 * Ini...

Read the Full Advisory

References

* bsc#1214855

* bsc#1221916

* bsc#1228324

* bsc#1230331

* bsc#1230333

* bsc#1231348

* jsc#PED-11185

* jsc#PED-8585

Cross-

* CVE-2024-41110

CVSS scores:

* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server 12 SP5 LTSS

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability, contains two features and has five

security fixes can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-41110.html

* https://bugzilla.suse.com/show_bug.cgi?id=1214855

* https://bugzilla.suse.com/show_bug.cgi?id=1221916

* https://bugzilla.suse.com/show_bug.cgi?id=1228324

* https://bugzilla.suse.com/show_bug.cgi?id=1230331

* https://bugzilla.suse.com/show_bug.cgi?id=1230333

* https://bugzilla.suse.com/sh...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2024:4205-1
Release Date: 2024-12-05T14:58:05Z
Rating: moderate

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved