openSUSE Security Update: Security update for containerd, docker, runc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:3009-1 Rating: moderate References: #1004490 #1006368 #1007249 #1009961 #977394 #999582 Cross-References: CVE-2016-8867 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for containerd, docker, runc fixes the following issues: Security issues fixed: - CVE-2016-8867: Fix ambient capability usage in containers (bsc#1007249). Bugfixes: - boo#1006368: Fixed broken docker/containerd installation when installed by SuSE Studio in an appliance. - boo#1004490: Update docker to 1.12.2 - boo#977394: Fix go version to 1.5. - boo#999582: Change the internal mountpoint name to not use ":" as that character can be considered a special character by other tools. - Update docker to 1.12.3 * https://github.com/docker/docker/releases/tag/v1.12.3 This update changes the runc versioning scheme to prevent version downgrades (boo#1009961). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2016-1400=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1400=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (x86_64): containerd-0.2.4+gitr565_0366d7e-5.1 containerd-ctr-0.2.4+gitr565_0366d7e-5.1 containerd-ctr-debuginfo-0.2.4+gitr565_0366d7e-5.1 containerd-debuginfo-0.2.4+gitr565_0366d7e-5.1 containerd-debugsource-0.2.4+gitr565_0366d7e-5.1 docker-1.12.3-22.1 docker-debuginfo-1.12.3-22.1 docker-debugsource-1.12.3-22.1 docker-test-1.12.3-22.1 docker-test-debuginfo-1.12.3-22.1 runc-0.1.1+gitr2816_02f8fa7-5.1 runc-debuginfo-0.1.1+gitr2816_02f8fa7-5.1 runc-debugsource-0.1.1+gitr2816_02f8fa7-5.1 - openSUSE Leap 42.2 (noarch): containerd-test-0.2.4+gitr565_0366d7e-5.1 docker-bash-completion-1.12.3-22.1 docker-zsh-completion-1.12.3-22.1 runc-test-0.1.1+gitr2816_02f8fa7-5.1 - openSUSE Leap 42.1 (i586 x86_64): containerd-0.2.4+gitr565_0366d7e-7.1 containerd-ctr-0.2.4+gitr565_0366d7e-7.1 containerd-ctr-debuginfo-0.2.4+gitr565_0366d7e-7.1 containerd-debuginfo-0.2.4+gitr565_0366d7e-7.1 containerd-debugsource-0.2.4+gitr565_0366d7e-7.1 runc-0.1.1+gitr2816_02f8fa7-7.1 runc-debuginfo-0.1.1+gitr2816_02f8fa7-7.1 runc-debugsource-0.1.1+gitr2816_02f8fa7-7.1 - openSUSE Leap 42.1 (noarch): containerd-test-0.2.4+gitr565_0366d7e-7.1 docker-bash-completion-1.12.3-24.1 docker-zsh-completion-1.12.3-24.1 runc-test-0.1.1+gitr2816_02f8fa7-7.1 - openSUSE Leap 42.1 (x86_64): docker-1.12.3-24.1 docker-debuginfo-1.12.3-24.1 docker-debugsource-1.12.3-24.1 docker-test-1.12.3-24.1 docker-test-debuginfo-1.12.3-24.1 References: https://www.suse.com/security/cve/CVE-2016-8867.html https://bugzilla.suse.com/1004490 https://bugzilla.suse.com/1006368 https://bugzilla.suse.com/1007249 https://bugzilla.suse.com/1009961 https://bugzilla.suse.com/977394 https://bugzilla.suse.com/999582