SUSE-SU-2017:1964-1: moderate: Security update for containerd, docker, runc

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jul 26 14:25:15 MDT 2017 

   SUSE Security Update: Security update for containerd, docker, runc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1964-1
Rating:             moderate
References:         #1012568 #1019251 
Cross-References:   CVE-2016-9962
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update for
   - containerd
   - docker to 1.12.6
   - runc fixes the two issues.

   This security issue was fixed:

   - CVE-2016-9962: A difficult to exploit race condition caused by passing a
     file descriptor from the host's filesystem into the container could have
     allowed the guest to escape(bsc#1012568).

   For docker this non-security issue was fixed:

   - bsc#1019251: Waiting when starting the docker service


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-201=1

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2017-201=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      containerd-0.2.5+gitr569_2a5e70c-15.3
      containerd-debuginfo-0.2.5+gitr569_2a5e70c-15.3
      containerd-debugsource-0.2.5+gitr569_2a5e70c-15.3
      docker-1.12.6-87.2
      docker-debuginfo-1.12.6-87.2
      docker-debugsource-1.12.6-87.2
      runc-0.1.1+gitr2819_50a19c6-15.2
      runc-debuginfo-0.1.1+gitr2819_50a19c6-15.2
      runc-debugsource-0.1.1+gitr2819_50a19c6-15.2

   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

      containerd-0.2.5+gitr569_2a5e70c-15.3
      containerd-debuginfo-0.2.5+gitr569_2a5e70c-15.3
      containerd-debugsource-0.2.5+gitr569_2a5e70c-15.3
      docker-1.12.6-87.2
      docker-debuginfo-1.12.6-87.2
      docker-debugsource-1.12.6-87.2
      runc-0.1.1+gitr2819_50a19c6-15.2
      runc-debuginfo-0.1.1+gitr2819_50a19c6-15.2
      runc-debugsource-0.1.1+gitr2819_50a19c6-15.2


References:

   https://www.suse.com/security/cve/CVE-2016-9962.html
   https://bugzilla.suse.com/1012568
   https://bugzilla.suse.com/1019251

More information about the sle-security-updates mailing list