This update for buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, cri-tools, docker-kubic, docker-runc-kubic, etcd, flannel, golang-github-docker-libnetwork-kubic, helm, kubernetes, kubernetes-dns, libcontainers-storage, podman, runc, skopeo, umoci fixes the following issues: - Require golang = 1.10 to fix: * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
#1118897 #1118898 #1118899
Cross- CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
Affected Products:
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16874.html
https://www.suse.com/security/cve/CVE-2018-16875.html
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1118898
https://bugzilla.suse.com/1118899
Get the latest Linux and open source security news straight to your inbox.