Detections
Analytics

SUSE SLES12 Security Update : docker (SUSE-SU-2024:4319-1)

high Nessus Plugin ID 213069

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4319-1 advisory.

 - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>.

 Some notable changelogs from the last update:
 * <https://github.com/docker/buildx/releases/tag/v0.19.0>
 * <https://github.com/docker/buildx/releases/tag/v0.18.0>

 - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

 In order to disable these mounts, just do

 echo 0 > /etc/docker/suse-secrets-enable

 and restart Docker. In order to re-enable them, just do

 echo 1 > /etc/docker/suse-secrets-enable

 and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.

 - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images.
 bsc#1233819

 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.

 - Allow a parallel docker-stable RPM to exists in repositories.

 - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.17.1>

 - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)

 - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331)

 - Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package.
 (bsc#1230333)

 - Update to Docker 26.1.5-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2615> bsc#1230294

 - This update includes fixes for:
 * CVE-2024-41110. bsc#1228324
 * CVE-2023-47108. bsc#1217070 bsc#1229806
 * CVE-2023-45142. bsc#1228553 bsc#1229806

 - Update to Docker 26.1.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2614>

 - Update to Docker 26.1.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2610>

 - Update --add-runtime to point to correct binary path.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected docker and / or docker-bash-completion packages.

See Also

https://www.suse.com/security/cve/CVE-2023-45142

https://bugzilla.suse.com/1228324

https://www.suse.com/security/cve/CVE-2024-41110

https://bugzilla.suse.com/1217070

https://bugzilla.suse.com/1228553

https://www.suse.com/security/cve/CVE-2023-47108

https://bugzilla.suse.com/1230331

https://bugzilla.suse.com/1230333

https://bugzilla.suse.com/1231348

https://bugzilla.suse.com/1229806

https://bugzilla.suse.com/1230294

https://bugzilla.suse.com/1232999

https://bugzilla.suse.com/1233819

http://www.nessus.org/u?80080c38

Plugin Details

Severity: High

ID: 213069

File Name: suse_SU-2024-4319-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/17/2024

Updated: 12/17/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-47108

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:docker, p-cpe:/a:novell:suse_linux:docker-bash-completion

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/13/2024

Vulnerability Publication Date: 10/12/2023

Reference Information

CVE: CVE-2023-45142, CVE-2023-47108, CVE-2024-41110

IAVA: 2024-A-0438

SuSE: SUSE-SU-2024:4319-1