Description
Security update for containerd, docker, runc
This update for containerd, docker (to version 1.12.6) and runc fixes several issues.
This security issue was fixed:
- CVE-2016-9962: container escape vulnerability (bsc#1012568).
These non-security issues were fixed:
- boo#1019251: Add a delay when starting docker service
- Fixed bash-completion
- boo#1015661: add the /usr/bin/docker-run symlink
For additional details please see the changelog.
Package list
openSUSE Leap 42.1
containerd-0.2.5+gitr569_2a5e70c-8.1
containerd-ctr-0.2.5+gitr569_2a5e70c-8.1
containerd-test-0.2.5+gitr569_2a5e70c-8.1
docker-1.12.6-25.2
docker-bash-completion-1.12.6-25.2
docker-test-1.12.6-25.2
docker-zsh-completion-1.12.6-25.2
runc-0.1.1+gitr2819_50a19c6-8.1
runc-test-0.1.1+gitr2819_50a19c6-8.1
openSUSE Leap 42.2
containerd-0.2.5+gitr569_2a5e70c-8.1
containerd-ctr-0.2.5+gitr569_2a5e70c-8.1
containerd-test-0.2.5+gitr569_2a5e70c-8.1
docker-1.12.6-25.2
docker-bash-completion-1.12.6-25.2
docker-test-1.12.6-25.2
docker-zsh-completion-1.12.6-25.2
runc-0.1.1+gitr2819_50a19c6-8.1
runc-test-0.1.1+gitr2819_50a19c6-8.1
References
- E-Mail link for openSUSE-SU-2017:1966-1
- SUSE Security Ratings
Description
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Affected products
openSUSE Leap 42.1:containerd-0.2.5+gitr569_2a5e70c-8.1
openSUSE Leap 42.1:containerd-ctr-0.2.5+gitr569_2a5e70c-8.1
openSUSE Leap 42.1:containerd-test-0.2.5+gitr569_2a5e70c-8.1
openSUSE Leap 42.1:docker-1.12.6-25.2
References
- CVE-2016-9962
- SUSE Bug 1012568
- SUSE Bug 1173425