This update for
- containerd
- docker to 1.12.6
- runc
fixes the two issues.
This security issue was fixed:
CVE-2016-9962: A difficult to exploit race condition caused by passing a file descriptor from the host's filesystem into the container could have allowed the guest to escape(bsc#1012568).
For docker this non-security issue was fixed:
bsc#1019251: Waiting when starting the docker service