openSUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1417-1 Rating: moderate References: #976777 Cross-References: CVE-2016-3697 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker fixes the following issues: Security issues fixed: - CVE-2016-3697: Potential privilege escalation via confusion of usernames and UIDs (boo#976777) Bugs fixed: - devicemapper: fix zero-sized field access - remove docker-netns-aarch64.patch: This patch was adding We'll fix that later if we want to release for those archs. - Exclude init scripts other than systemd from the test-package make it explicit. - Add test subpackage and fix line numbers in patches Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2016-643=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (x86_64): docker-1.9.1-56.1 docker-debuginfo-1.9.1-56.1 docker-debugsource-1.9.1-56.1 - openSUSE 13.2 (noarch): docker-bash-completion-1.9.1-56.1 docker-test-1.9.1-56.1 docker-zsh-completion-1.9.1-56.1 References: https://www.suse.com/security/cve/CVE-2016-3697.html https://bugzilla.suse.com/976777