{"affected":[{"ecosystem_specific":{"binaries":[{"docker":"25.0.6_ce-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"docker","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"25.0.6_ce-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for docker fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)\n- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)\n- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)\n- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)\n\nOther changes:\n\n- Update to Docker 25.0.6-ce.\n- Fix BuildKit's symlink resolution logic to correctly handle non-lexical\n  symlinks. (bsc#1221916)\n- Write volume options atomically so sudden system crashes won't result in\n  future Docker starts failing due to empty files. (bsc#1214855)\n- Fixed world writable docker overlay files (bsc#1220339)\n","id":"SUSE-SU-2025:20056-1","modified":"2025-02-03T08:56:52Z","published":"2025-02-03T08:56:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520056-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210141"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214855"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217513"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219267"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219268"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219438"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220339"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221916"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223409"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228324"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-23651"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-23652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-23653"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-41110"}],"related":["CVE-2024-23651","CVE-2024-23652","CVE-2024-23653","CVE-2024-41110"],"summary":"Security update for docker","upstream":["CVE-2024-23651","CVE-2024-23652","CVE-2024-23653","CVE-2024-41110"]}