Mailinglist Archive: opensuse-updates (114 mails)

< Previous Next >
openSUSE-SU-2014:1411-1: moderate: Security update for docker, go
openSUSE Security Update: Security update for docker, go

Announcement ID: openSUSE-SU-2014:1411-1
Rating: moderate
References: #898901
Cross-References: CVE-2014-5277 CVE-2014-7189
Affected Products:
openSUSE 13.2

An update that fixes two vulnerabilities is now available.


Docker was updated to version 1.3.1 to fix two security issues and several
other bugs.

These security issues were fixed:
- Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon
and registry (CVE-2014-5277).
- Secure HTTPS connection to registries with certificate verification and
without HTTP fallback unless `--insecure-registry` is specified.

These non-security issues were fixed:
- Fix issue where volumes would not be shared
- Fix issue with `--iptables=false` not automatically setting
- Fix docker run output to non-TTY stdout
- Fix escaping `$` for environment variables
- Fix issue with lowercase `onbuild` Dockerfile instruction
- Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`,
- docker `exec` allows you to run additional processes inside existing
- docker `create` gives you the ability to create a container via the cli
without executing a process
- `--security-opts` options to allow user to customize container labels
and apparmor profiles
- docker `ps` filters
- Wildcard support to copy/add
- Move production urls to from
- Allocate ip address on the bridge inside a valid cidr
- Use for pr and ci testing
- Ability to setup an official registry mirror
- Ability to save multiple images with docker `save`

go was updated to version 1.3.3 to fix one security issue and several
other bugs.

This security issue was fixed:
- TLS client authentication issue (CVE-2014-7189).

These non-security issues were fixed:
- Avoid stripping debuginfo on arm, it fails (and is not necessary)
- Revert the /usr/share/go/contrib symlink as it caused problems during
update. Moved all go sources to /usr/share/go/contrib/src instead of
/usr/share/go/contrib/src/pkg and created pkg and src symlinks in
contrib to add it to GOPATH
- Fixed %go_contribsrcdir value
- Copy temporary macros.go as go.macros to avoid it to be built
- Do not modify Source: files, because that makes the .src.rpm being tied
to one specific arch.
- Removed extra src folder in /usr/share/go/contrib: the goal is to
transform this folder into a proper entry for GOPATH. This folder is now
linked to %{_libdir}/go/contrib
- go requires gcc to build sources using cgo
- tools-packaging.patch: Allow building cover and vet tools in
$GOROOT_TARGET/pkg/tool instead of $GOROOT/pkg/tool. This will allow
building go tools as a separate package

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2014-660

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):


- openSUSE 13.2 (x86_64):


- openSUSE 13.2 (noarch):



< Previous Next >
This Thread
  • No further messages