This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues.
These security issues were fixed:
CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go in docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a 'scsi remove-single-device' line to /proc/scsi/scsi, aka SCSI MICDROP. (bnc#1066801)
CVE-2017-14992: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. (bnc#1066210)
These non-security issues were fixed:
docker info
Please note that the 'docker-runc' package is just a rename of the old 'runc' package, reflecting that we now ship the Docker fork of runc.
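To confirm after updating that containers are no longer exposed to CVE-2017-16539, the following added example (not part of this advisory or of the docker code base) checks whether an OCI runtime config masks /proc/scsi. It assumes the container's config.json is available and that blocking is expressed through the runtime spec's linux.maskedPaths list; the two sample configs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// spec holds only the part of an OCI runtime config.json this check needs.
type spec struct {
	Linux struct {
		MaskedPaths []string `json:"maskedPaths"`
	} `json:"linux"`
}

// covered reports whether target equals, or lies beneath, one of the paths.
// Entries are normalised first so "/proc/scsi/" and "/proc/scsi" match alike,
// and a look-alike such as "/proc/sc" does not count as covering /proc/scsi.
func covered(paths []string, target string) bool {
	target = path.Clean(target)
	for _, p := range paths {
		p = path.Clean(p)
		if path.IsAbs(p) && (target == p || strings.HasPrefix(target, strings.TrimSuffix(p, "/")+"/")) {
			return true
		}
	}
	return false
}

// ScsiMasked parses a runtime config and reports whether /proc/scsi/scsi is masked.
func ScsiMasked(configJSON []byte) (bool, error) {
	var s spec
	if err := json.Unmarshal(configJSON, &s); err != nil {
		return false, fmt.Errorf("parse config.json: %w", err)
	}
	return covered(s.Linux.MaskedPaths, "/proc/scsi/scsi"), nil
}

// Constructed sample configs (assumption: not taken from any real container).
const unpatched = `{"linux":{"maskedPaths":["/proc/kcore","/proc/timer_list","/proc/sched_debug"]}}`
const patched = `{"linux":{"maskedPaths":["/proc/kcore","/proc/timer_list","/proc/scsi/"]}}`

func main() {
	for _, cfg := range []string{unpatched, patched} {
		ok, err := ScsiMasked([]byte(cfg))
		fmt.Printf("/proc/scsi masked=%v err=%v\n", ok, err)
	}
}
```

Containers created before the update keep the config they were created with, so run the check against existing containers as well as new ones.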