Lucene search

K
suseSuseOPENSUSE-SU-2019:1506-1
HistoryJun 03, 2019 - 12:00 a.m.

Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (important)

2019-06-0300:00:00
lists.opensuse.org
106
containerd
docker
docker-runc
go
golang-github-docker-libnetwork
security
update
vulnerabilities
fixes
cve-2019-5736
cve-2019-6486
cve-2018-16873
cve-2018-16874
cve-2018-16875
patch
installation
suse
opensuse
yast
zypper
cpu
denial of service
directory traversal
container breakout

EPSS

0.213

Percentile

96.5%

An update that solves 5 vulnerabilities and has 6 fixes is
now available.

Description:

This update for containerd, docker, docker-runc, go, go1.11, go1.12,
golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

  • CVE-2019-5736: containerd: Fixing container breakout vulnerability
    (bsc#1121967).
  • CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS
    vulnerability affecting P-521 and P-384 (bsc#1123013).
  • CVE-2018-16873: go secuirty release, fixing cmd/go remote command
    execution (bsc#1118897).
  • CVE-2018-16874: go security release, fixing cmd/go directory traversal
    (bsc#1118898).
  • CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of
    service (bsc#1118899).

Other changes and bug fixes:

  • Update to containerd v1.2.5, which is required for v18.09.5-ce
    (bsc#1128376, bsc#1134068).
  • Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce
    (bsc#1128376, bsc#1134068).
  • Update to Docker 18.09.5-ce see upstream changelog in the packaged
    (bsc#1128376, bsc#1134068).
  • docker-test: Improvements to test packaging (bsc#1128746).
  • Move daemon.json file to /etc/docker directory (bsc#1114832).
  • Revert golang(API) removal since it turns out this breaks >= requires in
    certain cases (bsc#1114209).
  • Fix go build failures (bsc#1121397).

This update was imported from the SUSE:SLE-15:Update update project. This
update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15:

    zypper in -t patch openSUSE-2019-1506=1

OSVersionArchitecturePackageVersionFilename
openSUSE Backports SLE15aarch64<  openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Backports SLE15ppc64le<  openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Backports SLE15s390x<  openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Backports SLE15x86_64<  openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Backports SLE15x86_64<  openSUSE Backports SLE-15 (x86_64):- openSUSE Backports SLE-15 (x86_64):.x86_64.rpm