Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

openSUSE 15.0: 2018:4306-1 Important: Containerd & Docker Security Fix

opensuse
Calendar Grey December 29, 2018
Dist Opensuse Esm H88
A significant patch for Fedora rectifies various vulnerabilities impacting podman, buildah, and the go programming language.
An update that solves four vulnerabilities and has 17 fixes is now available.

Description

This update for containerd, docker and go fixes the following issues:

containerd and docker:

- Add backport for building containerd (bsc#1102522, bsc#1113313)

- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.

(bsc#1102522)

- Enable seccomp support (fate#325877)

- Update to containerd v1.1.1, which is the required version for the

Docker v18.06.0-ce upgrade. (bsc#1102522)

- Put containerd under the podruntime slice (bsc#1086185)

- 3rd party registries used the default Docker certificate (bsc#1084533)

- Handle build breakage due to missing 'export GOPATH' (caused by

resolution of boo#1119634). I believe Docker is one of the only packages

with this problem.

go:

- golang: arbitrary command execution via VCS path (bsc#1081495,

CVE-2018-7187)

- Make profile.d/go.sh no longer set GOROOT=, in order to make switching

between versions no longer break. This ends up removing the need for

go.sh...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1626=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

go-1.10.4-lp150.2.7.1

go-doc-1.10.4-lp150.2.7.1

- openSUSE Leap 15.0 (x86_64):

containerd-1.1.2-lp150.4.3.1

containerd-ctr-1.1.2-lp150.4.3.1

containerd-kubic-1.1.2-lp150.4.3.1

containerd-kubic-ctr-1.1.2-lp150.4.3.1

docker-18.06.1_ce-lp150.5.6.1

docker-debuginfo-18.06.1_ce-lp150.5.6.1

docker-debugsource-18.06.1_ce-lp150.5.6.1

docker-kubic-18.06.1_ce-lp150.5.6.1

docker-kubic-debuginfo-18.06.1_ce-lp150.5.6.1

docker-kubic-debugsource-18.06.1_ce-lp150.5.6.1

docker-kubic-test-18.06.1_ce-lp150.5.6.1

docker-kubic-test-debuginfo-18.06.1_ce-lp150.5.6.1

docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1

docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1

docker-libnetwork-kubic-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1

docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1

docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1

docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1

docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-16873.html

https://www.suse.com/security/cve/CVE-2018-16874.html

https://www.suse.com/security/cve/CVE-2018-16875.html

https://www.suse.com/security/cve/CVE-2018-7187.html

https://bugzilla.suse.com/1047218

https://bugzilla.suse.com/1074971

https://bugzilla.suse.com/1080978

https://bugzilla.suse.com/1081495

https://bugzilla.suse.com/1084533

https://bugzilla.suse.com/1086185

https://bugzilla.suse.com/1094680

https://bugzilla.suse.com/1095817

https://bugzilla.suse.com/1098017

https://bugzilla.suse.com/1102522

https://bugzilla.suse.com/1104821

https://bugzilla.suse.com/1105000

https://bugzilla.suse.com/1108038

https://bugzilla.suse.com/1113313

https://bugzilla.suse.com/1113978

https://bugzilla.suse.com/1114209

https://bugzilla.suse.com/1118897

https://bugzilla.suse.com/1118898

https://bugzilla.suse.com/1118899

https://bugzilla.suse.com/1119634

https://bugzilla.suse.com/1119706

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:4306-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here