SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1689

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1689

Security update for containerd, docker

Type: security

Severity: important

Issued: 2022-05-16

Description:

This update for containerd, docker fixes the following issues:

- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).

References

CVE: CVE-2022-27191
CVE: CVE-2022-24769
CVE: CVE-2022-23648
CVE: CVE-2021-43565
Bugzilla: 1197517 VUL-0: CVE-2022-24769: docker, containerd: moby: Default inheritable capabilities for linux container should be empty
Bugzilla: 1197284 VUL-0: CVE-2022-27191: go1.15,go1.16,go1.17,go1.18,go1.14: crash in a golang.org/x/crypto/ssh server
Bugzilla: 1196441 VUL-0: CVE-2022-23648: containerd: directory traversal issue
Bugzilla: 1193930 VUL-0: CVE-2021-43565: kubernetes,docker,kubernetes-1.18,kubevirt: golang.org/x/crypto: empty plaintext packet causes panic

Packages

containerd-1.5.11-150000.68.1