docker-20.10.9_ce-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11566 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z docker-20.10.9_ce-1.1 on GA media These are all security issues fixed in the docker-20.10.9_ce-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11566 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11566 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-41092/ SUSE CVE CVE-2021-41092 page openSUSE Tumbleweed docker-20.10.9_ce-1.1 docker-bash-completion-20.10.9_ce-1.1 docker-fish-completion-20.10.9_ce-1.1 docker-zsh-completion-20.10.9_ce-1.1 docker-20.10.9_ce-1.1 as a component of openSUSE Tumbleweed docker-bash-completion-20.10.9_ce-1.1 as a component of openSUSE Tumbleweed docker-fish-completion-20.10.9_ce-1.1 as a component of openSUSE Tumbleweed docker-zsh-completion-20.10.9_ce-1.1 as a component of openSUSE Tumbleweed Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. CVE-2021-41092 openSUSE Tumbleweed:docker-20.10.9_ce-1.1 openSUSE Tumbleweed:docker-bash-completion-20.10.9_ce-1.1 openSUSE Tumbleweed:docker-fish-completion-20.10.9_ce-1.1 openSUSE Tumbleweed:docker-zsh-completion-20.10.9_ce-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-41092.html CVE-2021-41092 https://bugzilla.suse.com/1191334 SUSE Bug 1191334 https://bugzilla.suse.com/1191355 SUSE Bug 1191355