Security update for docker SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02366-1 Final 1 1 2025-07-18T12:08:51Z current 2025-07-18T12:08:51Z 2025-07-18T12:08:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for docker This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other bugfixes: - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2366,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2366 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502366-1/ Link for SUSE-SU-2025:02366-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040783.html E-Mail link for SUSE-SU-2025:02366-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1240150 SUSE Bug 1240150 https://bugzilla.suse.com/1241830 SUSE Bug 1241830 https://bugzilla.suse.com/1242114 SUSE Bug 1242114 https://bugzilla.suse.com/1243833 SUSE Bug 1243833 https://bugzilla.suse.com/1244035 SUSE Bug 1244035 https://www.suse.com/security/cve/CVE-2025-22872/ SUSE CVE CVE-2025-22872 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 docker-28.2.2_ce-98.134.1 docker-bash-completion-28.2.2_ce-98.134.1 docker-fish-completion-28.2.2_ce-98.134.1 docker-rootless-extras-28.2.2_ce-98.134.1 docker-zsh-completion-28.2.2_ce-98.134.1 docker-28.2.2_ce-98.134.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 docker-bash-completion-28.2.2_ce-98.134.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts). CVE-2025-22872 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-28.2.2_ce-98.134.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-bash-completion-28.2.2_ce-98.134.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502366-1/ https://www.suse.com/security/cve/CVE-2025-22872.html CVE-2025-22872 https://bugzilla.suse.com/1241710 SUSE Bug 1241710