{"id":"SUSE-SU-2023:4936-1","summary":"Security update for docker, rootlesskit","details":"This update for docker, rootlesskit fixes the following issues:\n\ndocker:\n\n- Update to Docker 24.0.7-ce. See upstream changelong online at\n  https://docs.docker.com/engine/release-notes/24.0/#2407\u003e. bsc#1217513\n  * Deny containers access to /sys/devices/virtual/powercap by default.\n    - CVE-2020-8694 bsc#1170415\n    - CVE-2020-8695 bsc#1170446\n    - CVE-2020-12912 bsc#1178760\n\n- Update to Docker 24.0.6-ce. See upstream changelong online at\n\n  \thttps://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323\n\n- Add a docker.socket unit file, but with socket activation effectively\n  disabled to ensure that Docker will always run even if you start the socket\n  individually. Users should probably just ignore this unit file. bsc#1210141\n\n- Update to Docker 24.0.5-ce. See upstream changelong online at\n\n\thttps://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229\n\nThis update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)\n\nrootlesskit:\n\n- new package, for docker rootless support. (jsc#PED-6180)\n\n","modified":"2026-02-04T03:30:41.835354Z","published":"2023-12-20T16:18:41Z","related":["CVE-2020-12912","CVE-2020-8694","CVE-2020-8695"],"upstream":["CVE-2020-12912","CVE-2020-8694","CVE-2020-8695"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234936-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1170415"},{"type":"REPORT","url":"https://bugzilla.suse.com/1170446"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178760"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210141"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213229"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213500"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217513"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12912"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-8694"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-8695"}],"affected":[{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Micro 5.3","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Micro 5.4","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Micro 5.5","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP4","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"rootlesskit","ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP4","purl":"pkg:rpm/suse/rootlesskit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-150000.1.3.3"}]}],"ecosystem_specific":{"binaries":[{"rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP5","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"rootlesskit","ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP5","purl":"pkg:rpm/suse/rootlesskit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-150000.1.3.3"}]}],"ecosystem_specific":{"binaries":[{"rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Server 15 SP2-LTSS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP1","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP2","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Micro 5.1","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Linux Enterprise Micro 5.2","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"SUSE:Enterprise Storage 7.1","purl":"pkg:rpm/suse/docker&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"openSUSE:Leap Micro 5.3","purl":"pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%20Micro%205.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"openSUSE:Leap Micro 5.4","purl":"pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%20Micro%205.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker-zsh-completion":"24.0.7_ce-150000.190.4","rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"rootlesskit","ecosystem":"openSUSE:Leap 15.4","purl":"pkg:rpm/opensuse/rootlesskit&distro=openSUSE%20Leap%2015.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-150000.1.3.3"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker-zsh-completion":"24.0.7_ce-150000.190.4","rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"docker","ecosystem":"openSUSE:Leap 15.5","purl":"pkg:rpm/opensuse/docker&distro=openSUSE%20Leap%2015.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.7_ce-150000.190.4"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker-zsh-completion":"24.0.7_ce-150000.190.4","rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}},{"package":{"name":"rootlesskit","ecosystem":"openSUSE:Leap 15.5","purl":"pkg:rpm/opensuse/rootlesskit&distro=openSUSE%20Leap%2015.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-150000.1.3.3"}]}],"ecosystem_specific":{"binaries":[{"docker-fish-completion":"24.0.7_ce-150000.190.4","docker-zsh-completion":"24.0.7_ce-150000.190.4","rootlesskit":"1.1.1-150000.1.3.3","docker":"24.0.7_ce-150000.190.4","docker-rootless-extras":"24.0.7_ce-150000.190.4","docker-bash-completion":"24.0.7_ce-150000.190.4"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4936-1.json"}}],"schema_version":"1.7.3"}