SUSE-SU-2019:0573-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:0573-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:0573-1
- Related
- Published
- 2019-03-08T12:49:44Z
- Modified
- 2019-03-08T12:49:44Z
- Summary
- Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
- Details
-
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:
- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).
Other changes and bug fixes:
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Disable leap based builds for kubic flavor (bsc#1121412).
- Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20190573-1/
- https://bugzilla.suse.com/1001161
- https://bugzilla.suse.com/1048046
- https://bugzilla.suse.com/1051429
- https://bugzilla.suse.com/1112980
- https://bugzilla.suse.com/1114832
- https://bugzilla.suse.com/1118897
- https://bugzilla.suse.com/1118898
- https://bugzilla.suse.com/1118899
- https://bugzilla.suse.com/1121412
- https://bugzilla.suse.com/1121967
- https://bugzilla.suse.com/1124308
- https://www.suse.com/security/cve/CVE-2016-9962
- https://www.suse.com/security/cve/CVE-2018-16873
- https://www.suse.com/security/cve/CVE-2018-16874
- https://www.suse.com/security/cve/CVE-2018-16875
- https://www.suse.com/security/cve/CVE-2019-5736
Affected packages
SUSE:OpenStack Cloud 6-LTSS / containerd
Package
- Name
- containerd
- Purl
- purl:rpm/suse/containerd&distro=SUSE%20OpenStack%20Cloud%206-LTSS
SUSE:OpenStack Cloud 6-LTSS / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20OpenStack%20Cloud%206-LTSS
SUSE:OpenStack Cloud 6-LTSS / docker-runc
Package
- Name
- docker-runc
- Purl
- purl:rpm/suse/docker-runc&distro=SUSE%20OpenStack%20Cloud%206-LTSS
SUSE:OpenStack Cloud 6-LTSS / golang-github-docker-libnetwork
Package
- Name
- golang-github-docker-libnetwork
- Purl
- purl:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20OpenStack%20Cloud%206-LTSS
SUSE:Linux Enterprise Module for Containers 12 / containerd
Package
- Name
- containerd
- Purl
- purl:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
SUSE:Linux Enterprise Module for Containers 12 / docker
Package
- Name
- docker
- Purl
- purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
SUSE:Linux Enterprise Module for Containers 12 / docker-runc
Package
- Name
- docker-runc
- Purl
- purl:rpm/suse/docker-runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
SUSE:Linux Enterprise Module for Containers 12 / golang-github-docker-libnetwork
Package
- Name
- golang-github-docker-libnetwork
- Purl
- purl:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012