You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa containerd, docker i go

Sigurnosni nedostaci programskih paketa containerd, docker i go

openSUSE Security Update: Security update for containerd, docker and go
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4306-1
Rating: important
References: #1047218 #1074971 #1080978 #1081495 #1084533
#1086185 #1094680 #1095817 #1098017 #1102522
#1104821 #1105000 #1108038 #1113313 #1113978
#1114209 #1118897 #1118898 #1118899 #1119634
#1119706
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875
CVE-2018-7187
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves four vulnerabilities and has 17 fixes
is now available.

Description:

This update for containerd, docker and go fixes the following issues:

containerd and docker:

– Add backport for building containerd (bsc#1102522, bsc#1113313)
– Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
(bsc#1102522)
– Enable seccomp support (fate#325877)
– Update to containerd v1.1.1, which is the required version for the
Docker v18.06.0-ce upgrade. (bsc#1102522)
– Put containerd under the podruntime slice (bsc#1086185)
– 3rd party registries used the default Docker certificate (bsc#1084533)
– Handle build breakage due to missing ‘export GOPATH’ (caused by
resolution of boo#1119634). I believe Docker is one of the only packages
with this problem.

go:

– golang: arbitrary command execution via VCS path (bsc#1081495,
CVE-2018-7187)
– Make profile.d/go.sh no longer set GOROOT=, in order to make switching
between versions no longer break. This ends up removing the need for
go.sh entirely (because GOPATH is also set automatically) (boo#1119634)
– Fix a regression that broke go get for import path patterns containing
“…” (bsc#1119706)

Additionally, the package go1.10 has been added.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1626=1

Package List:

– openSUSE Leap 15.0 (i586 x86_64):

go-1.10.4-lp150.2.7.1
go-doc-1.10.4-lp150.2.7.1

– openSUSE Leap 15.0 (x86_64):

containerd-1.1.2-lp150.4.3.1
containerd-ctr-1.1.2-lp150.4.3.1
containerd-kubic-1.1.2-lp150.4.3.1
containerd-kubic-ctr-1.1.2-lp150.4.3.1
docker-18.06.1_ce-lp150.5.6.1
docker-debuginfo-18.06.1_ce-lp150.5.6.1
docker-debugsource-18.06.1_ce-lp150.5.6.1
docker-kubic-18.06.1_ce-lp150.5.6.1
docker-kubic-debuginfo-18.06.1_ce-lp150.5.6.1
docker-kubic-debugsource-18.06.1_ce-lp150.5.6.1
docker-kubic-test-18.06.1_ce-lp150.5.6.1
docker-kubic-test-debuginfo-18.06.1_ce-lp150.5.6.1
docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1
docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1
docker-libnetwork-kubic-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1
docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1
docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1
docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1
docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1
docker-runc-kubic-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1
docker-test-18.06.1_ce-lp150.5.6.1
docker-test-debuginfo-18.06.1_ce-lp150.5.6.1
go-race-1.10.4-lp150.2.7.1
go1.10-1.10.7-lp150.2.1
go1.10-doc-1.10.7-lp150.2.1
go1.10-race-1.10.7-lp150.2.1
golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1
golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1

– openSUSE Leap 15.0 (noarch):

containerd-kubic-test-1.1.2-lp150.4.3.1
containerd-test-1.1.2-lp150.4.3.1
docker-bash-completion-18.06.1_ce-lp150.5.6.1
docker-kubic-bash-completion-18.06.1_ce-lp150.5.6.1
docker-kubic-zsh-completion-18.06.1_ce-lp150.5.6.1
docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1
docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1
docker-zsh-completion-18.06.1_ce-lp150.5.6.1
golang-packaging-15.0.11-lp150.2.3.1

References:

https://www.suse.com/security/cve/CVE-2018-16873.html
https://www.suse.com/security/cve/CVE-2018-16874.html
https://www.suse.com/security/cve/CVE-2018-16875.html
https://www.suse.com/security/cve/CVE-2018-7187.html
https://bugzilla.suse.com/1047218
https://bugzilla.suse.com/1074971
https://bugzilla.suse.com/1080978
https://bugzilla.suse.com/1081495
https://bugzilla.suse.com/1084533
https://bugzilla.suse.com/1086185
https://bugzilla.suse.com/1094680
https://bugzilla.suse.com/1095817
https://bugzilla.suse.com/1098017
https://bugzilla.suse.com/1102522
https://bugzilla.suse.com/1104821
https://bugzilla.suse.com/1105000
https://bugzilla.suse.com/1108038
https://bugzilla.suse.com/1113313
https://bugzilla.suse.com/1113978
https://bugzilla.suse.com/1114209
https://bugzilla.suse.com/1118897
https://bugzilla.suse.com/1118898
https://bugzilla.suse.com/1118899
https://bugzilla.suse.com/1119634
https://bugzilla.suse.com/1119706


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke leptonica

Otkriveni su sigurnosni nedostaci programske biblioteke leptonica za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju zaobilaženje sigurnosnih ograničenja ili...

Close