SUSE: 2019:1264-1 Important: Docker and Go Denial of Service Fixes

suse

May 16, 2019

An update that solves four vulnerabilities and has 6 fixes is now available

Summary

This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, boo#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, boo#1134068).

Topics Covered

security advisory denial of service important SUSE docker containerd go

References

#1114209 #1114832 #1118897 #1118898 #1118899

#1121397 #1123013 #1128376 #1128746 #1134068

Cross- CVE-2018-16873 CVE-2018-16874 CVE-2018-16875

CVE-2019-6486

Affected Products:

SUSE Linux Enterprise Module for Containers 12

SUSE CaaS Platform 3.0

OpenStack Cloud Magnum Orchestration 7

https://www.suse.com/security/cve/CVE-2018-16873.html

https://www.suse.com/security/cve/CVE-2018-16874.html

https://www.suse.com/security/cve/CVE-2018-16875.html

https://www.suse.com/security/cve/CVE-2019-6486.html

https://bugzilla.suse.com/1114209

https://bugzilla.suse.com/1114832

https://bugzilla.suse.com/1118897

https://bugzilla.suse.com/1118898

https://bugzilla.suse.com/1118899

https://bugzilla.suse.com/1121397

https://bugzilla.suse.com/1123013

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2019:1264-1

Rating: important

Topics Covered

security advisory denial of service important SUSE docker containerd go

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:1264-1 Important: Docker and Go Denial of Service Fixes

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:1264-1 Important: Docker and Go Denial of Service Fixes

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!