docker-20.10.9_ce-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11579 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z docker-20.10.9_ce-1.2 on GA media These are all security issues fixed in the docker-20.10.9_ce-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11579 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11579 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-41089/ SUSE CVE CVE-2021-41089 page openSUSE Tumbleweed docker-20.10.9_ce-1.2 docker-bash-completion-20.10.9_ce-1.2 docker-fish-completion-20.10.9_ce-1.2 docker-zsh-completion-20.10.9_ce-1.2 docker-20.10.9_ce-1.2 as a component of openSUSE Tumbleweed docker-bash-completion-20.10.9_ce-1.2 as a component of openSUSE Tumbleweed docker-fish-completion-20.10.9_ce-1.2 as a component of openSUSE Tumbleweed docker-zsh-completion-20.10.9_ce-1.2 as a component of openSUSE Tumbleweed Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. CVE-2021-41089 openSUSE Tumbleweed:docker-20.10.9_ce-1.2 openSUSE Tumbleweed:docker-bash-completion-20.10.9_ce-1.2 openSUSE Tumbleweed:docker-fish-completion-20.10.9_ce-1.2 openSUSE Tumbleweed:docker-zsh-completion-20.10.9_ce-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-41089.html CVE-2021-41089 https://bugzilla.suse.com/1191015 SUSE Bug 1191015 https://bugzilla.suse.com/1191355 SUSE Bug 1191355