SUSE OPENSUSE-SU-2020:1433-1
Sep 18, 2020 - 12:00 a.m.

Security update for docker-distribution (moderate)

2020-09-18 00:00:00
lists.opensuse.org
EPSS: 0.005 (Low), percentile 75.9%

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for docker-distribution fixes the following issues:

  • Enable build on %arm (which includes armv6), not only on armv7

  • Enable ppc64le

  • Use correct URL to project

  • Remove fillup, we don't ship a sysconfig file

  • Correct systemd requires

  • Enable build on ARM

  • Upgraded to 2.7.1

    • Support for OCI images added
    • Fix upgrade issues from 2.6.x
    • Update Go version to 1.11
    • Switch to multi-stage Dockerfile
    • Validations enabled by default with new disabled config option
    • Optimize health check performance
    • Create separate permission for deleting objects in a repo
    • Fix storage driver error propagation for manifest GETs
    • Fix forwarded header resolution
    • Add prometheus metrics
    • Disable schema1 manifest by default
    • Graceful shutdown
    • TLS: remove ciphers that do not support perfect forward secrecy
    • Fix registry stripping newlines from manifests
    • Add bugsnag logrus hook
    • Support ARM builds

    This release is a special security release to address an issue allowing
    an attacker to force arbitrarily-sized memory allocations in a registry
    instance through the manifest endpoint. The problem has been mitigated by
    limiting the size of reads for image manifest content. Details for
    mitigation are in 29fa466. Fixes boo#1049850 (CVE-2017-11468). Fixes
    boo#1033172.
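
The mitigation described above (capping how much of a manifest request body is read) can be illustrated in Go as follows. This is an added example, not docker-distribution's own code; `readManifest`, `maxManifestBytes`, `ErrManifestTooLarge` and the `endless` reader are names and values assumed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxManifestBytes is an assumed cap for this example, not the registry's value.
const maxManifestBytes = 1 << 20

var ErrManifestTooLarge = errors.New("manifest body exceeds size limit")

// readManifest replaces an unbounded io.ReadAll(body), which would buffer
// whatever the client sends. It reads limit+1 bytes so a body of exactly
// limit bytes is accepted and anything larger is rejected, not truncated.
func readManifest(body io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(body, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrManifestTooLarge
	}
	return data, nil
}

// endless is a constructed input: a client that never stops sending.
type endless struct{ sent int64 }

func (e *endless) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 'A'
	}
	e.sent += int64(len(p))
	return len(p), nil
}

func main() {
	ok, err := readManifest(strings.NewReader(`{"schemaVersion":2}`), maxManifestBytes)
	fmt.Println(len(ok), err)

	src := &endless{}
	_, err = readManifest(src, maxManifestBytes)
	fmt.Println(err, "- bytes pulled from client:", src.sent)
}
```

In an `net/http` handler, `http.MaxBytesReader` gives the same bound and also stops the server from reading further data from the connection.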

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP2:

    zypper in -t patch openSUSE-2020-1433=1