SUSE-SU-2018:4297-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:4297-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:4297-1
- Related
- Published
- 2018-12-28T17:39:11Z
- Modified
- 2018-12-28T17:39:11Z
- Summary
- Security update for containerd, docker and go
- Details
-
This update for containerd, docker and go fixes the following issues:
containerd and docker:
- Add backport for building containerd (bsc#1102522, bsc#1113313)
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522)
- Enable seccomp support on SLE12 (fate#325877)
- Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522)
- Put containerd under the podruntime slice (bsc#1086185)
- 3rd party registries used the default Docker certificate (bsc#1084533)
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem.
go:
- golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
- Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634)
- Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706)
Additionally, the package go1.10 has been added.
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20184297-1/
- https://bugzilla.suse.com/1047218
- https://bugzilla.suse.com/1074971
- https://bugzilla.suse.com/1080978
- https://bugzilla.suse.com/1081495
- https://bugzilla.suse.com/1084533
- https://bugzilla.suse.com/1086185
- https://bugzilla.suse.com/1094680
- https://bugzilla.suse.com/1095817
- https://bugzilla.suse.com/1098017
- https://bugzilla.suse.com/1102522
- https://bugzilla.suse.com/1104821
- https://bugzilla.suse.com/1105000
- https://bugzilla.suse.com/1108038
- https://bugzilla.suse.com/1113313
- https://bugzilla.suse.com/1113978
- https://bugzilla.suse.com/1114209
- https://bugzilla.suse.com/1118897
- https://bugzilla.suse.com/1118898
- https://bugzilla.suse.com/1118899
- https://bugzilla.suse.com/1119634
- https://bugzilla.suse.com/1119706
- https://www.suse.com/security/cve/CVE-2018-16873
- https://www.suse.com/security/cve/CVE-2018-16874
- https://www.suse.com/security/cve/CVE-2018-16875
- https://www.suse.com/security/cve/CVE-2018-7187
Affected packages
SUSE:Linux Enterprise Module for Containers 15 / containerd
Package
- Name
- containerd
- Purl
- purl:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015
SUSE:Linux Enterprise Module for Containers 15 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015
SUSE:Linux Enterprise Module for Containers 15 / docker-runc
Package
- Name
- docker-runc
- Purl
- purl:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015
SUSE:Linux Enterprise Module for Containers 15 / golang-github-docker-libnetwork
Package
- Name
- golang-github-docker-libnetwork
- Purl
- purl:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015