Oval Definition:oval:org.opensuse.security:def:94216
Revision Date:2021-02-11Version:1
Title: (Important)
Description:

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:

Security issues fixed:

- CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)

Non-security issues fixed:

- Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).

- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)

- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243

- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708

- Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14

- Enable fish-completion

- Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)

- Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

- Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.

- Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.

- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243

- Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)
Family:unixClass:patch
Status:Reference(s):1174075
1176708
1178801
1178969
1180243
1180401
1181730
1181732
CVE-2014-1569
CVE-2015-2721
CVE-2015-4000
CVE-2015-7181
CVE-2015-7182
CVE-2015-7575
CVE-2016-1950
CVE-2016-1979
CVE-2016-2834
CVE-2018-0495
CVE-2018-12384
CVE-2018-12404
CVE-2018-18508
CVE-2019-11745
CVE-2020-15257
CVE-2021-21284
CVE-2021-21285
Platform(s):Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • libfreebl3-hmac-3.47.1-3.37.1 is installed
  • OR libsoftokn3-hmac-3.47.1-3.37.1 is installed
  • Definition Synopsis
  • Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 is installed
  • AND Package Information
  • containerd-1.3.9-5.29.3 is installed
  • OR docker-19.03.15_ce-6.43.3 is installed
  • BACK