{"affected":[{"ecosystem_specific":{"binaries":[{"docker":"27.5.1_ce-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"docker","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"27.5.1_ce-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for docker fixes the following issues:\n\n- This update includes fixes for:\n\n  * CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324)\n  * CVE-2023-47108: Fixed otelgrpc: DoS vulnerability in otelgrpc\n    (uncontrolled resource consumption) due to unbound cardinality\n    (bsc#1217070 bsc#1229806)\n  * CVE-2023-45142: Fixed otelhttp,otelhttptrace,otelrestful: DoS\n    vulnerability (bsc#1228553 bsc#1229806)\n\n- Update to Docker 27.5.1-ce. See upstream changelog online at\n  <https://docs.docker.com/engine/release-notes/27/#2741> bsc#1237335\n\n- Update to docker-buildx 0.20.1. See upstream changelog online at\n  <https://github.com/docker/buildx/releases/tag/v0.20.1>\n\n- Update to Docker 27.4.1-ce. See upstream changelog online at\n  <https://docs.docker.com/engine/release-notes/27/#2741>\n\n- Update to docker-buildx 0.19.3. See upstream changelog online at\n  <https://github.com/docker/buildx/releases/tag/v0.19.3>\n\n- Update to Docker 27.4.0-ce. See upstream changelog online at\n  <https://docs.docker.com/engine/release-notes/27/#274>\n\n  <https://github.com/docker/buildx/releases/tag/v0.19.2>.\n\n  Some notable changelogs from the last update:\n    * <https://github.com/docker/buildx/releases/tag/v0.19.0>\n    * <https://github.com/docker/buildx/releases/tag/v0.18.0>\n\n- Update to Go 1.22.\n\n- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to\n  disable the SUSEConnect integration with Docker (which creates special mounts\n  in /run/secrets to allow container-suseconnect to authenticate containers\n  with registries on registered hosts). bsc#1231348 bsc#1232999\n\n  In order to disable these mounts, just do\n\n    echo 0 > /etc/docker/suse-secrets-enable\n\n  and restart Docker. In order to re-enable them, just do\n\n    echo 1 > /etc/docker/suse-secrets-enable\n\n  and restart Docker. Docker will output information on startup to tell you\n  whether the SUSE secrets feature is enabled or not.\n\n- Disable docker-buildx builds for SLES. It turns out that build containers\n  with docker-buildx don't currently get the SUSE secrets mounts applied,\n  meaning that container-suseconnect doesn't work when building images.\n  bsc#1233819\n\n- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from\n  sysconfig a long time ago, and apparently this causes issues with systemd in\n  some cases.\n\n- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we\n  are replacing. See upstream changelog online at\n  <https://github.com/docker/buildx/releases/tag/v0.17.1>\n\n- Mark docker-buildx as required since classic \"docker build\" has been\n  deprecated since Docker 23.0. bsc#1230331\n\n- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate\n  package, but with docker-stable it will be necessary to maintain the packages\n  together and it makes more sense to have them live in the same OBS package.\n  bsc#1230333\n\n- Update to Docker 26.1.5-ce. See upstream changelog online at\n  <https://docs.docker.com/engine/release-notes/26.1/#2615>\n  bsc#1230294\n\n","id":"SUSE-SU-2025:20259-1","modified":"2025-03-31T16:54:17Z","published":"2025-03-31T16:54:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520259-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217070"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223409"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228324"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228553"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229806"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230294"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230331"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230333"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231348"},{"type":"REPORT","url":"https://bugzilla.suse.com/1232999"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233819"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234089"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237335"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-47108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-29018"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-41110"}],"related":["CVE-2023-45142","CVE-2023-47108","CVE-2024-29018","CVE-2024-41110"],"summary":"Security update for docker","upstream":["CVE-2023-45142","CVE-2023-47108","CVE-2024-29018","CVE-2024-41110"]}