Revision Date: | 2021-02-11 | Version: | 1 |
Title: | Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important) |
Description: |
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969).
- CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
- CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)
Non-security issues fixed:
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support).
- Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.
- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243
- Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1114605 1153674 1154824 1156353 1160305 1160498 1172466 1174075 1174159 1175201 1176708 1177409 1177412 1177413 1177414 1178801 1178969 1180243 1180401 1181730 1181732 CVE-2019-14287 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 CVE-2020-14628 CVE-2020-14629 CVE-2020-14646 CVE-2020-14647 CVE-2020-14648 CVE-2020-14649 CVE-2020-14650 CVE-2020-14673 CVE-2020-14674 CVE-2020-14675 CVE-2020-14676 CVE-2020-14677 CVE-2020-14694 CVE-2020-14695 CVE-2020-14698 CVE-2020-14699 CVE-2020-14700 CVE-2020-14703 CVE-2020-14704 CVE-2020-14707 CVE-2020-14711 CVE-2020-14712 CVE-2020-14713 CVE-2020-14714 CVE-2020-14715 CVE-2020-15257 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 CVE-2021-21284 CVE-2021-21285 openSUSE-SU-2020:0094-1 openSUSE-SU-2020:1486-1 openSUSE-SU-2020:1783-1 SUSE-SU-2019:2656-1 SUSE-SU-2020:1589-1 SUSE-SU-2021:0435-1
|
Platform(s): | openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
MozillaThunderbird-68.4.1-lp151.2.22 is installed
OR MozillaThunderbird-translations-common-68.4.1-lp151.2.22 is installed
OR MozillaThunderbird-translations-other-68.4.1-lp151.2.22 is installed
|
Definition Synopsis |
openSUSE Leap 15.2 is installed
AND Package Information
python3-virtualbox-6.1.14-lp152.2.5 is installed
OR virtualbox-6.1.14-lp152.2.5 is installed
OR virtualbox-devel-6.1.14-lp152.2.5 is installed
OR virtualbox-guest-desktop-icons-6.1.14-lp152.2.5 is installed
OR virtualbox-guest-source-6.1.14-lp152.2.5 is installed
OR virtualbox-guest-tools-6.1.14-lp152.2.5 is installed
OR virtualbox-guest-x11-6.1.14-lp152.2.5 is installed
OR virtualbox-host-source-6.1.14-lp152.2.5 is installed
OR virtualbox-kmp-6.1.14-lp152.2.5 is installed
OR virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5 is installed
OR virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5 is installed
OR virtualbox-qt-6.1.14-lp152.2.5 is installed
OR virtualbox-vnc-6.1.14-lp152.2.5 is installed
OR virtualbox-websrv-6.1.14-lp152.2.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Containers 15 SP2 is installed
AND Package Information
containerd-1.3.9-5.29.3 is installed
OR docker-19.03.15_ce-6.43.3 is installed
OR docker-bash-completion-19.03.15_ce-6.43.3 is installed
OR docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 is installed
OR docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
AND Package Information
sudo-1.8.22-4.6 is installed
OR sudo-devel-1.8.22-4.6 is installed
|