Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2018:4297-1 Important: Containerd, Docker And Go Security Update

suse
Calendar Grey December 29, 2018
Dist Suse Esm H88
SUSE has released a security update for containerd, docker, and go, addressing 4 vulnerabilities with 17 patches to strengthen security measures.
An update that solves four vulnerabilities and has 17 fixes is now available

Summary

This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)

References

#1047218 #1074971 #1080978 #1081495 #1084533

#1086185 #1094680 #1095817 #1098017 #1102522

#1104821 #1105000 #1108038 #1113313 #1113978

#1114209 #1118897 #1118898 #1118899 #1119634

#1119706

Cross- CVE-2018-16873 CVE-2018-16874 CVE-2018-16875

CVE-2018-7187

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Containers 15

https://www.suse.com/security/cve/CVE-2018-16873.html

https://www.suse.com/security/cve/CVE-2018-16874.html

https://www.suse.com/security/cve/CVE-2018-16875.html

https://www.suse.com/security/cve/CVE-2018-7187.html

https://bugzilla.suse.com/1047218

https://bugzilla.suse.com/1074971

https://bugzilla.suse.com/1080978

https://bugzilla.suse.com/1081495

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:4297-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here