Описание
Security update for containerd, docker, runc
This update for containerd, docker, runc fixes the following issues:
Security issues fixed:
- CVE-2016-8867: Fix ambient capability usage in containers (bsc#1007249).
Bugfixes:
- boo#1006368: Fixed broken docker/containerd installation when installed by SuSE Studio in an appliance.
- boo#1004490: Update docker to 1.12.2
- boo#977394: Fix go version to 1.5.
- boo#999582: Change the internal mountpoint name to not use ':' as that character can be considered a special character by other tools.
- Update docker to 1.12.3
This update changes the runc versioning scheme to prevent version downgrades (boo#1009961).
Список пакетов
openSUSE Leap 42.1
containerd-0.2.4+gitr565_0366d7e-5.1
containerd-ctr-0.2.4+gitr565_0366d7e-5.1
containerd-test-0.2.4+gitr565_0366d7e-5.1
docker-1.12.3-22.1
docker-bash-completion-1.12.3-22.1
docker-test-1.12.3-22.1
docker-zsh-completion-1.12.3-22.1
runc-0.1.1+gitr2816_02f8fa7-5.1
runc-test-0.1.1+gitr2816_02f8fa7-5.1
openSUSE Leap 42.2
containerd-0.2.4+gitr565_0366d7e-5.1
containerd-ctr-0.2.4+gitr565_0366d7e-5.1
containerd-test-0.2.4+gitr565_0366d7e-5.1
docker-1.12.3-22.1
docker-bash-completion-1.12.3-22.1
docker-test-1.12.3-22.1
docker-zsh-completion-1.12.3-22.1
runc-0.1.1+gitr2816_02f8fa7-5.1
runc-test-0.1.1+gitr2816_02f8fa7-5.1
Ссылки
- E-Mail link for openSUSE-SU-2016:3009-1
- SUSE Security Ratings
Описание
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
Затронутые продукты
openSUSE Leap 42.1:containerd-0.2.4+gitr565_0366d7e-5.1
openSUSE Leap 42.1:containerd-ctr-0.2.4+gitr565_0366d7e-5.1
openSUSE Leap 42.1:containerd-test-0.2.4+gitr565_0366d7e-5.1
openSUSE Leap 42.1:docker-1.12.3-22.1
Ссылки
- CVE-2016-8867
- SUSE Bug 1007249