Revision Date: | 2023-06-22 | Version: | 1 |
Title: | CVE-2022-24769 |
Description: |
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.
|
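The effect described above can be checked from `/proc/<pid>/status`. The following is an added example, not code from Moby or from this advisory: it parses the capability masks and applies the `execve(2)` rule from capabilities(7) for a non-root process. Both status samples are constructed, and the mask `a80425fb` is an assumed bounding set.

```python
# Added example: models the capabilities(7) execve rule for a non-root process.
# Both status samples are constructed; a80425fb is assumed as the bounding set.
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")
CAP_NET_BIND_SERVICE = 1 << 10  # bit number from <linux/capability.h>

VULNERABLE_STATUS = """\
Name:\tapp
Uid:\t1000\t1000\t1000\t1000
CapInh:\t00000000a80425fb
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""
FIXED_STATUS = VULNERABLE_STATUS.replace(
    "CapInh:\t00000000a80425fb", "CapInh:\t0000000000000000")


def parse_caps(status_text):
    """Extract the capability masks from /proc/<pid>/status text."""
    caps = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in CAP_FIELDS:
            caps[key] = int(value.strip(), 16)
    return caps


def has_inheritable(status_text):
    """Detection check: True if the process carries inheritable capabilities."""
    return parse_caps(status_text)["CapInh"] != 0


def permitted_after_execve(status_text, file_inh=0, file_prm=0):
    """P'(permitted) for a non-root caller executing a file with file caps.

    Set-user-ID handling and the root special cases are not modelled.
    """
    p = parse_caps(status_text)
    # Ambient capabilities are cleared when the file itself has capabilities.
    ambient = 0 if (file_inh or file_prm) else p["CapAmb"]
    return (p["CapInh"] & file_inh) | (file_prm & p["CapBnd"]) | ambient


if __name__ == "__main__":
    for label, status in (("pre-fix", VULNERABLE_STATUS), ("fixed", FIXED_STATUS)):
        gained = permitted_after_execve(status, file_inh=CAP_NET_BIND_SERVICE)
        print(f"{label}: CapInh set={has_inheritable(status)} "
              f"permitted after execve={gained:#018x}")
```

To audit a running container, pass the contents of the status file of its main process to `has_inheritable`; a non-zero `CapInh` on a container that has not been recreated since the engine upgrade indicates the inheritable set was never reset.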
Family: | unix | Class: | vulnerability |
Status: | | Reference(s): | Mitre CVE-2022-24769 SUSE CVE-2022-24769 SUSE-SU-2022:1507-1 SUSE-SU-2022:1689-1 SUSE-IU-2022:671-1 SUSE-IU-2022:678-1 SUSE-IU-2022:679-1 SUSE-IU-2022:814-1 SUSE-IU-2022:817-1 SUSE-IU-2022:836-1 SUSE-IU-2022:853-1 SUSE-IU-2022:859-1 SUSE-IU-2022:878-1
|
Platform(s): | Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed SUSE CaaS Platform 4.0 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Containers 15 SP3 SUSE Linux Enterprise Module for Containers 15 SP4 SUSE Linux Enterprise Module for Containers 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager 
Server 4.2 SUSE Manager Server 4.3
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed AND containerd-ctr-1.5.11-150000.68.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Server 15 SP1-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE CaaS Platform 4.0 is installed
OR SUSE Linux Enterprise Server 15 SP1-BCL is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Server 15 SP1-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server 15 SP1-BCL is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Server 15 SP2-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server 15 SP2-BCL is installed
OR SUSE Manager Proxy 4.1 is installed
OR SUSE Manager Retail Branch Server 4.1 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Manager Server 4.1 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
AND containerd-ctr-1.5.11-150000.68.1 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise Module for Containers 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Server 4.2 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR docker-fish-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Micro 5.0 is installed
AND Package Information
containerd-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Micro 5.1 is installed
AND Package Information
containerd-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Micro 5.2 is installed
AND Package Information
containerd-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
AND containerd-ctr-1.5.11-150000.68.1 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise Module for Containers 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Server 4.2 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR docker-fish-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server 15 SP2-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server 15 SP2-BCL is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Enterprise Storage 7 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.3 is installed
AND Package Information
containerd-1.5.11-150000.68.1 is installed
AND containerd is signed with openSUSE key
OR
containerd-ctr-1.5.11-150000.68.1 is installed
AND containerd-ctr is signed with openSUSE key
OR
docker-20.10.14_ce-150000.163.1 is installed
AND docker is signed with openSUSE key
OR
docker-bash-completion-20.10.14_ce-150000.163.1 is installed
AND docker-bash-completion is signed with openSUSE key
OR
docker-fish-completion-20.10.14_ce-150000.163.1 is installed
AND docker-fish-completion is signed with openSUSE key
OR
docker-kubic-20.10.14_ce-150000.163.1 is installed
AND docker-kubic is signed with openSUSE key
OR
docker-kubic-bash-completion-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-bash-completion is signed with openSUSE key
OR
docker-kubic-fish-completion-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-fish-completion is signed with openSUSE key
OR
docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-kubeadm-criconfig is signed with openSUSE key
OR
docker-kubic-zsh-completion-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-zsh-completion is signed with openSUSE key
OR
docker-zsh-completion-20.10.14_ce-150000.163.1 is installed
AND docker-zsh-completion is signed with openSUSE key
|
Definition Synopsis |
openSUSE Leap 15.4 is installed
AND Package Information
containerd-1.5.11-150000.68.1 is installed
AND containerd is signed with openSUSE key
OR
containerd-ctr-1.5.11-150000.68.1 is installed
AND containerd-ctr is signed with openSUSE key
OR
docker-20.10.14_ce-150000.163.1 is installed
AND docker is signed with openSUSE key
OR
docker-bash-completion-20.10.14_ce-150000.163.1 is installed
AND docker-bash-completion is signed with openSUSE key
OR
docker-fish-completion-20.10.14_ce-150000.163.1 is installed
AND docker-fish-completion is signed with openSUSE key
OR
docker-kubic-20.10.14_ce-150000.163.1 is installed
AND docker-kubic is signed with openSUSE key
OR
docker-kubic-bash-completion-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-bash-completion is signed with openSUSE key
OR
docker-kubic-fish-completion-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-fish-completion is signed with openSUSE key
OR
docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-kubeadm-criconfig is signed with openSUSE key
OR
docker-kubic-zsh-completion-20.10.14_ce-150000.163.1 is installed
AND docker-kubic-zsh-completion is signed with openSUSE key
OR
docker-zsh-completion-20.10.14_ce-150000.163.1 is installed
AND docker-zsh-completion is signed with openSUSE key
|
Definition Synopsis |
openSUSE Tumbleweed is installed
AND Package Information
containerd-1.5.11-1.1 is installed
OR containerd-ctr-1.5.11-1.1 is installed
OR docker-20.10.14_ce-1.1 is installed
OR docker-bash-completion-20.10.14_ce-1.1 is installed
OR docker-fish-completion-20.10.14_ce-1.1 is installed
OR docker-zsh-completion-20.10.14_ce-1.1 is installed
OR runc-1.1.2-1.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
OR SUSE Linux Enterprise Module for Containers 15 SP4 is installed
OR SUSE Linux Enterprise Server 15 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
OR SUSE Manager Proxy 4.3 is installed
OR SUSE Manager Retail Branch Server 4.3 is installed
OR SUSE Manager Server 4.3 is installed
AND Package Information
containerd-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
OR SUSE Linux Enterprise Module for Containers 15 SP4 is installed
OR SUSE Linux Enterprise Server 15 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
OR SUSE Manager Proxy 4.3 is installed
OR SUSE Manager Retail Branch Server 4.3 is installed
OR SUSE Manager Server 4.3 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
Image SLES15-SP4-Manager-Proxy-4-3-BYOS is installed
OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure is installed
OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 is installed
OR Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE is installed
OR Image SLES15-SP4-Manager-Server-4-3-BYOS is installed
OR Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure is installed
OR Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 is installed
OR Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Server 15 SP2-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server 15 SP2-BCL is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
AND
containerd-1.5.11-150000.68.1 is installed
OR containerd-ctr-1.5.11-150000.68.1 is installed
OR docker-20.10.14_ce-150000.163.1 is installed
OR docker-bash-completion-20.10.14_ce-150000.163.1 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
OR SUSE Linux Enterprise Module for Containers 15 SP5 is installed
OR SUSE Linux Enterprise Server 15 SP5 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
AND Package Information
containerd-1.6.19-150000.87.1 is installed
OR containerd-ctr-1.6.19-150000.87.1 is installed
OR containerd-devel-1.6.19-150000.87.1 is installed
OR docker-20.10.23_ce-150000.175.1 is installed
OR docker-bash-completion-20.10.23_ce-150000.175.1 is installed
|