SECURITY: Fedora 35 Update: moby-engine-20.10.9-1.fc35
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-b5a9a481a2
2021-10-29 22:48:33.391790
--------------------------------------------------------------------------------
Name : moby-engine
Product : Fedora 35
Version : 20.10.9
Release : 1.fc35
URL : https://www.docker.com
Summary : The open-source application container engine
Description :
Docker is an open source project to build, ship and run any application as a
lightweight container.
Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest EC2 compute instance and
everything in between - and they don't require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.
--------------------------------------------------------------------------------
Update Information:
Security fixes for moby-engine and containerd containerd: - fixes
CVE-2021-41103 - Fix insufficiently restricted permissions on container root and
plugin directories - update to upstream 1.5.7 moby-engine: - fixes
CVE-2021-41092, CVE-2021-41089 and CVE-2021-41091 - patches seccomp policy to
fix clone3() issue - update to upstream 20.10.9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 8 2021 Maxwell G - 20.10.9-1
- Update to 20.10.9 (fixes rhbz#2010508)
- Patch seccomp policy to fix clone3() issue (fixes rhbz#2011523 and rhbz#1988199)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories
https://bugzilla.redhat.com/show_bug.cgi?id=2011007
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-b5a9a481a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
A moby-engine security update has been released for Fedora 35.