SB2022012783 - SUSE update for containerd, docker
Published: January 27, 2022 Updated: July 5, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Improper Preservation of Permissions (CVE-ID: CVE-2021-41089)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
2) Improper Preservation of Permissions (CVE-ID: CVE-2021-41091)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
3) Information disclosure (CVE-ID: CVE-2021-41092)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
4) Incorrect default permissions (CVE-ID: CVE-2021-41103)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for container root directories and some plugins. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files.
5) Type Confusion (CVE-ID: CVE-2021-41190)
The vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to a type confusion error. A remote authenticated attacker can pass specially crafted data to the application, trigger a type confusion error and interpret the resulting content differently.
Remediation
Install update from vendor's website.