Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2022:4463-1

UNKNOWN

Security update for containerd

Published Dec 13, 2022

Modified 3 years ago

Fix available

Details

This update for containerd fixes the following issues:

Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).

Also includes the following fix:

CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).

Affected Packages

SUSE:Enterprise Storage 6containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Enterprise Storage 6containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Enterprise Storage 7containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Enterprise Storage 7containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15-ESPOScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15-ESPOScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15-LTSScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise High Performance Computing 15-LTSScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Micro 5.1containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Micro 5.2containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Micro 5.3containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Module for Containers 15 SP3containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Module for Containers 15 SP3containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Module for Containers 15 SP4containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Module for Containers 15 SP4containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Module for Package Hub 15 SP3containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Module for Package Hub 15 SP3containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP1-BCLcontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP1-BCLcontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP1-LTSScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP1-LTSScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP2-BCLcontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP2-BCLcontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP2-LTSScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15 SP2-LTSScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15-LTSScontainerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server 15-LTSScontainerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server for SAP Applications 15containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server for SAP Applications 15containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Manager Proxy 4.1containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Manager Proxy 4.1containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Manager Retail Branch Server 4.1containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Manager Retail Branch Server 4.1containerd-ctr

Fixed in:

1.6.12-150000.79.1

SUSE:Manager Server 4.1containerd

Fixed in:

1.6.12-150000.79.1

SUSE:Manager Server 4.1containerd-ctr

Fixed in:

1.6.12-150000.79.1

openSUSE:Leap 15.3containerd

Fixed in:

1.6.12-150000.79.1

openSUSE:Leap 15.3containerd-ctr

Fixed in:

1.6.12-150000.79.1

openSUSE:Leap 15.4containerd

Fixed in:

1.6.12-150000.79.1

openSUSE:Leap 15.4containerd-ctr

Fixed in:

1.6.12-150000.79.1

openSUSE:Leap Micro 5.2containerd

Fixed in:

1.6.12-150000.79.1

openSUSE:Leap Micro 5.3containerd

Fixed in:

1.6.12-150000.79.1

References

REPORThttps://bugzilla.suse.com/1197284 REPORThttps://bugzilla.suse.com/1206065 REPORThttps://bugzilla.suse.com/1206235 WEBhttps://www.suse.com/security/cve/CVE-2022-23471 WEBhttps://www.suse.com/security/cve/CVE-2022-27191 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20224463-1/

Upstream

CVE-2022-23471 CVE-2022-27191

Related

CVE-2022-23471 CVE-2022-27191

Ecosystems

SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15 SP3 SUSE Linux Enterprise Module for Containers 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3

Timeline

PublishedDec 13, 2022

ModifiedDec 13, 2022

SUSE-SU-2022:4463-1 | Mondoo Vulnerability Intelligence