{"affected":[{"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.193.1","docker-bash-completion":"24.0.7_ce-150000.193.1","docker-rootless-extras":"24.0.7_ce-150000.193.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP4","name":"docker","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.193.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for docker fixes the following issues:\n\nVendor latest buildkit v0.11 including bugfixes for the following:\n\n* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).\n* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).\n* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).\n","id":"SUSE-SU-2024:0586-2","modified":"2024-04-04T13:13:53Z","published":"2024-04-04T13:13:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240586-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219267"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219268"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219438"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-23651"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-23652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-23653"}],"related":["CVE-2024-23651","CVE-2024-23652","CVE-2024-23653"],"summary":"Security update for docker","upstream":["CVE-2024-23651","CVE-2024-23652","CVE-2024-23653"]}