ELSA-2017-3511

Описание

[1.12.6-1.0.1]

• Enable configuration of Docker daemon via sysconfig [orabug 21804877]
• Require UEK4 for docker 1.9 [orabug 22235639 22235645]
• Add docker.conf for prelink [orabug 25147708]

[1.12.6]

• the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
• a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
• Backup the current version of the unit file, and replace the file with the
• Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
• Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
• Fix runC privilege escalation (CVE-2016-9962)

[1.12.5]

• the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
• a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
• Backup the current version of the unit file, and replace the file with the
• Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
• Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
• Fix race on sending stdin close event #29424
• Fix panic in docker network ls when a network was created with --ipv6 and no ipv6 --subnet in older docker versions #29416
• Fix compilation on Darwin #29370

[1.12.4]

• the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
• a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
• Backup the current version of the unit file, and replace the file with the
• Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
• Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
• Fix issue where volume metadata was not removed #29083
• Asynchronously close streams to prevent holding container lock #29050
• Fix selinux labels for newly created container volumes #29050
• Remove hostname validation #28990
• Fix deadlocks caused by IO races #29095 #29141
• Return an empty stats if the container is restarting #29150
• Fix volume store locking #29151
• Ensure consistent status code in API #29150
• Fix incorrect opaque directory permission in overlay2 #29093
• Detect plugin content and error out on docker pull #29297
• Update Swarmkit #29047
• orchestrator/global: Fix deadlock on updates docker/swarmkit#1760
• on leader switchover preserve the vxlan id for existing networks docker/swarmkit#1773
• Refuse swarm spec not named 'default' #29152
• Update libnetwork #29004 #29146
• Fix panic in embedded DNS docker/libnetwork#1561
• Fix unmarhalling panic when passing --link-local-ip on global scope network docker/libnetwork#1564
• Fix panic when network plugin returns nil StaticRoutes docker/libnetwork#1563
• Fix panic in osl.(*networkNamespace).DeleteNeighbor docker/libnetwork#1555
• Fix panic in swarm networking concurrent map read/write docker/libnetwork#1570
• Allow encrypted networks when running docker inside a container docker/libnetwork#1502
• Do not block autoallocation of IPv6 pool docker/libnetwork#1538
• Set timeout for netlink calls docker/libnetwork#1557
• Increase networking local store timeout to one minute docker/libkv#140
• Fix a panic in libnetwork.(*sandbox).execFunc docker/libnetwork#1556
• Honor icc=false for internal networks docker/libnetwork#1525
• Update syslog log driver #29150
• Run 'dnf upgrade' before installing in fedora #29150
• Add build-date back to RPM packages #29150
• deb package filename changed to include distro to distinguish between distro code names #27829

[1.12.3]

• the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
• a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
• Backup the current version of the unit file, and replace the file with the
• Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
• Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
• Fix ambient capability usage in containers (CVE-2016-8867) #27610
• Prevent a deadlock in libcontainerd for Windows #27136
• Fix error reporting in CopyFileWithTar #27075
• Reset health status to starting when a container is restarted #27387
• Properly handle shared mount propagation in storage directory #27609
• Fix docker exec #27610
• Fix backward compatibility with containerds events log #27693
• Fix conversion of restart-policy #27062
• Update Swarmkit #27554
• Avoid restarting a task that has already been restarted docker/swarmkit#1305
• Allow duplicate published ports when they use different protocols docker/swarmkit#1632
• Allow multiple randomly assigned published ports on service docker/swarmkit#1657
• Fix panic when allocations happen at init time docker/swarmkit#1651
• Update libnetwork #27559
• Fix race in serializing sandbox to string docker/libnetwork#1495
• Fix race during deletion docker/libnetwork#1503
• Reset endpoint port info on connectivity revoke in bridge driver docker/libnetwork#1504
• Fix a deadlock in networking code docker/libnetwork#1507
• Fix a race in load balancer state docker/libnetwork#1512
• Update fluent-logger-golang to v1.2.1 #27474
• Update buildtags for armhf ubuntu-trusty #27327
• Add AppArmor to runc buildtags for armhf #27421