{"affected":[{"ecosystem_specific":{"binaries":[{"containerd":"1.4.12-16.49.1","docker":"20.10.12_ce-98.75.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 12","name":"containerd","purl":"pkg:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.12-16.49.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"containerd":"1.4.12-16.49.1","docker":"20.10.12_ce-98.75.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 12","name":"docker","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20.10.12_ce-98.75.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for containerd, docker fixes the following issues:\n\n- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).\n- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).\n- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).\n- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).\n- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).\n","id":"SUSE-SU-2022:0213-1","modified":"2022-01-27T13:49:06Z","published":"2022-01-27T13:49:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20220213-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191015"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191121"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191334"},{"type":"REPORT","url":"https://bugzilla.suse.com/1191434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193273"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41089"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41092"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-41190"}],"related":["CVE-2021-41089","CVE-2021-41091","CVE-2021-41092","CVE-2021-41103","CVE-2021-41190"],"summary":"Security update for containerd, docker","upstream":["CVE-2021-41089","CVE-2021-41091","CVE-2021-41092","CVE-2021-41103","CVE-2021-41190"]}