openSUSE-SU-2016:3009-1: moderate: Security update for containerd, docker, runc - openSUSE Updates

5 Dec 2016


      openSUSE Security Update: Security update for containerd, docker, runc
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2016:3009-1
Rating:             moderate
References:         #1004490 #1006368 #1007249 #1009961 #977394 
                    #999582 
Cross-References:   CVE-2016-8867
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
   now available.
Description:
This update for containerd, docker, runc fixes the following issues:
Security issues fixed:
   - CVE-2016-8867: Fix ambient capability usage in containers (bsc#1007249).
Bugfixes:
   - boo#1006368: Fixed broken docker/containerd installation when installed
     by SuSE Studio in an appliance.
   - boo#1004490: Update docker to 1.12.2
   - boo#977394: Fix go version to 1.5.
   - boo#999582: Change the internal mountpoint name to not use ":" as that
     character can be considered a special character by other tools.
   - Update docker to 1.12.3
     * https://github.com/docker/docker/releases/tag/v1.12.3
This update changes the runc versioning scheme to prevent version
   downgrades (boo#1009961).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2016-1400=1
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1400=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):
containerd-0.2.4+gitr565_0366d7e-5.1
      containerd-ctr-0.2.4+gitr565_0366d7e-5.1
      containerd-ctr-debuginfo-0.2.4+gitr565_0366d7e-5.1
      containerd-debuginfo-0.2.4+gitr565_0366d7e-5.1
      containerd-debugsource-0.2.4+gitr565_0366d7e-5.1
      docker-1.12.3-22.1
      docker-debuginfo-1.12.3-22.1
      docker-debugsource-1.12.3-22.1
      docker-test-1.12.3-22.1
      docker-test-debuginfo-1.12.3-22.1
      runc-0.1.1+gitr2816_02f8fa7-5.1
      runc-debuginfo-0.1.1+gitr2816_02f8fa7-5.1
      runc-debugsource-0.1.1+gitr2816_02f8fa7-5.1
- openSUSE Leap 42.2 (noarch):
containerd-test-0.2.4+gitr565_0366d7e-5.1
      docker-bash-completion-1.12.3-22.1
      docker-zsh-completion-1.12.3-22.1
      runc-test-0.1.1+gitr2816_02f8fa7-5.1
- openSUSE Leap 42.1 (i586 x86_64):
containerd-0.2.4+gitr565_0366d7e-7.1
      containerd-ctr-0.2.4+gitr565_0366d7e-7.1
      containerd-ctr-debuginfo-0.2.4+gitr565_0366d7e-7.1
      containerd-debuginfo-0.2.4+gitr565_0366d7e-7.1
      containerd-debugsource-0.2.4+gitr565_0366d7e-7.1
      runc-0.1.1+gitr2816_02f8fa7-7.1
      runc-debuginfo-0.1.1+gitr2816_02f8fa7-7.1
      runc-debugsource-0.1.1+gitr2816_02f8fa7-7.1
- openSUSE Leap 42.1 (noarch):
containerd-test-0.2.4+gitr565_0366d7e-7.1
      docker-bash-completion-1.12.3-24.1
      docker-zsh-completion-1.12.3-24.1
      runc-test-0.1.1+gitr2816_02f8fa7-7.1
- openSUSE Leap 42.1 (x86_64):
docker-1.12.3-24.1
      docker-debuginfo-1.12.3-24.1
      docker-debugsource-1.12.3-24.1
      docker-test-1.12.3-24.1
      docker-test-debuginfo-1.12.3-24.1
References:
https://www.suse.com/security/cve/CVE-2016-8867.html
   https://bugzilla.suse.com/1004490
   https://bugzilla.suse.com/1006368
   https://bugzilla.suse.com/1007249
   https://bugzilla.suse.com/1009961
   https://bugzilla.suse.com/977394
   https://bugzilla.suse.com/999582