An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1936 Final 1.0 1.0 2022-09-23 Initial 2022-09-23 2022-09-23 openEuler SA Tool V1.0 2022-09-23 docker security update An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. Docker is an open source project to build, ship and run any application as a lightweight container. Security Fix(es): Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.(CVE-2022-36109) An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium docker https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1936 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-36109 https://nvd.nist.gov/vuln/detail/CVE-2022-36109 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS docker-engine-18.09.0-243.oe1.aarch64.rpm docker-engine-18.09.0-243.oe1.aarch64.rpm docker-engine-18.09.0-310.oe2203.aarch64.rpm docker-engine-debugsource-18.09.0-310.oe2203.aarch64.rpm docker-engine-debuginfo-18.09.0-310.oe2203.aarch64.rpm docker-engine-18.09.0-243.oe1.src.rpm docker-engine-18.09.0-243.oe1.src.rpm docker-engine-18.09.0-310.oe2203.src.rpm docker-engine-18.09.0-243.oe1.x86_64.rpm docker-engine-18.09.0-243.oe1.x86_64.rpm docker-engine-18.09.0-310.oe2203.x86_64.rpm docker-engine-debuginfo-18.09.0-310.oe2203.x86_64.rpm docker-engine-debugsource-18.09.0-310.oe2203.x86_64.rpm Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the ` USER $USERNAME ` Dockerfile instruction. Instead by calling `ENTRYPOINT [ su , - , user ]` the supplementary groups will be set up properly. 2022-09-23 CVE-2022-36109 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Medium 6.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L docker security update 2022-09-23 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1936