Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2019:2117-1 Important: Docker, Containerd Security Updates

suse
Calendar Grey August 13, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libn
An update that solves four vulnerabilities and has three fixes is now available

Summary

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork:

References

#1100331 #1121967 #1138920 #1139649 #1142160

#1142413 #1143409

Cross- CVE-2018-10892 CVE-2019-13509 CVE-2019-14271

CVE-2019-5736

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Containers 15-SP1

SUSE Linux Enterprise Module for Containers 15

https://www.suse.com/security/cve/CVE-2018-10892.html

https://www.suse.com/security/cve/CVE-2019-13509.html

https://www.suse.com/security/cve/CVE-2019-14271.html

https://www.suse.com/security/cve/CVE-2019-5736.html

https://bugzilla.suse.com/1100331

https://bugzilla.suse.com/1121967

https://bugzilla.suse.com/1138920

https://bugzilla.suse.com/1139649

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:2117-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.