Oval Definition:oval:org.opensuse.security:def:64888
Revision Date:2021-02-11Version:1
Title:Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)
Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

- CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)

Non-security issues fixed:

- Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).

- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)

- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243

- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708

- Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14

- Enable fish-completion

- Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)

- Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

- Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.

- Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.

- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243

- Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)
Family:unixClass:patch
Status:Reference(s):1114605
1153674
1154824
1156353
1160305
1160498
1172466
1174075
1174159
1175201
1176708
1177409
1177412
1177413
1177414
1178801
1178969
1180243
1180401
1181730
1181732
CVE-2019-14287
CVE-2019-17015
CVE-2019-17016
CVE-2019-17017
CVE-2019-17021
CVE-2019-17022
CVE-2019-17024
CVE-2019-17026
CVE-2020-0543
CVE-2020-0548
CVE-2020-0549
CVE-2020-14628
CVE-2020-14629
CVE-2020-14646
CVE-2020-14647
CVE-2020-14648
CVE-2020-14649
CVE-2020-14650
CVE-2020-14673
CVE-2020-14674
CVE-2020-14675
CVE-2020-14676
CVE-2020-14677
CVE-2020-14694
CVE-2020-14695
CVE-2020-14698
CVE-2020-14699
CVE-2020-14700
CVE-2020-14703
CVE-2020-14704
CVE-2020-14707
CVE-2020-14711
CVE-2020-14712
CVE-2020-14713
CVE-2020-14714
CVE-2020-14715
CVE-2020-15257
CVE-2020-27670
CVE-2020-27671
CVE-2020-27672
CVE-2020-27673
CVE-2021-21284
CVE-2021-21285
openSUSE-SU-2020:0094-1
openSUSE-SU-2020:1486-1
openSUSE-SU-2020:1783-1
SUSE-SU-2019:2656-1
SUSE-SU-2020:1589-1
SUSE-SU-2021:0435-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Containers 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaThunderbird-68.4.1-lp151.2.22 is installed
  • OR MozillaThunderbird-translations-common-68.4.1-lp151.2.22 is installed
  • OR MozillaThunderbird-translations-other-68.4.1-lp151.2.22 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • python3-virtualbox-6.1.14-lp152.2.5 is installed
  • OR virtualbox-6.1.14-lp152.2.5 is installed
  • OR virtualbox-devel-6.1.14-lp152.2.5 is installed
  • OR virtualbox-guest-desktop-icons-6.1.14-lp152.2.5 is installed
  • OR virtualbox-guest-source-6.1.14-lp152.2.5 is installed
  • OR virtualbox-guest-tools-6.1.14-lp152.2.5 is installed
  • OR virtualbox-guest-x11-6.1.14-lp152.2.5 is installed
  • OR virtualbox-host-source-6.1.14-lp152.2.5 is installed
  • OR virtualbox-kmp-6.1.14-lp152.2.5 is installed
  • OR virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5 is installed
  • OR virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5 is installed
  • OR virtualbox-qt-6.1.14-lp152.2.5 is installed
  • OR virtualbox-vnc-6.1.14-lp152.2.5 is installed
  • OR virtualbox-websrv-6.1.14-lp152.2.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 15 SP2 is installed
  • AND Package Information
  • containerd-1.3.9-5.29.3 is installed
  • OR docker-19.03.15_ce-6.43.3 is installed
  • OR docker-bash-completion-19.03.15_ce-6.43.3 is installed
  • OR docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3 is installed
  • OR docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • sudo-1.8.22-4.6 is installed
  • OR sudo-devel-1.8.22-4.6 is installed
    • BACK