SUSE: 2019:2119-1 Important: Docker and Containerd Issues Resolved
suse
August 13, 2019
An update that solves four vulnerabilities and has one errata is now available
Summary
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
References
#1100331 #1121967 #1142160 #1142413 #1143409
Cross- CVE-2018-10892 CVE-2019-13509 CVE-2019-14271
CVE-2019-5736
Affected Products:
SUSE OpenStack Cloud 6-LTSS
SUSE Linux Enterprise Module for Containers 12
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2018-10892.html
https://www.suse.com/security/cve/CVE-2019-13509.html
https://www.suse.com/security/cve/CVE-2019-14271.html
https://www.suse.com/security/cve/CVE-2019-5736.html
https://bugzilla.suse.com/1100331
https://bugzilla.suse.com/1121967
https://bugzilla.suse.com/1142160
https://bugzilla.suse.com/1142413
https://bugzilla.suse.com/1143409
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:2119-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!