SUSE-SU-2016:3084-1: moderate: Security update for Docker and dependencies
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Dec 12 05:11:09 MST 2016
SUSE Security Update: Security update for Docker and dependencies
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:3084-1
Rating: moderate
References: #1004490 #1006368 #1007249 #1009961 #974208
#978260 #983015 #987198 #988408 #989566 #995058
#995102 #995620 #996015 #999582
Cross-References: CVE-2016-8867
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________
An update that solves one vulnerability and has 14 fixes is
now available.
Description:
This update for Docker and its dependencies fixes the following issues:
- fix runc and containerd revisions (bsc#1009961)
docker:
- Updates version 1.11.2 to 1.12.3 (bsc#1004490, bsc#996015, bsc#995058)
- Fix ambient capability usage in containers (bsc#1007249, CVE-2016-8867)
- Change the internal mountpoint name to not use ":" as that character can
be considered a special character by other tools. (bsc#999582)
- Add dockerd(8) man page.
- Package docker-proxy (which was split out of the docker binary in 1.12).
(bsc#995620)
- Docker "migrator" prevents installing "docker", if docker 1.9 was
installed before but there were no images. (bsc#995102)
- Specify an "OCI" runtime for our runc package explicitly. (bsc#978260)
- Use gcc6-go instead of gcc5-go (bsc#988408)
For a detailed description of all fixes and improvements, please refer to:
https://github.com/docker/docker/releases/tag/v1.12.3
https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md
https://github.com/docker/docker/releases/tag/v1.12.1
https://github.com/docker/docker/releases/tag/v1.12.0
containerd:
- Update to current version required from Docker 1.12.3.
- Add missing Requires(post): %fillup_prereq. (bsc#1006368)
- Use gcc6-go instead of gcc5-go. (bsc#988408)
runc:
- Update to current version required from Docker 1.12.3.
- Use gcc6-go instead of gcc5-go. (bsc#988408)
rubygem-excon:
- Updates version from 0.39.6 to 0.52.0.
For a detailed description of all fixes and improvements, please refer to
the installed changelog.txt.
rubygem-docker-api:
- Updated version from 1.17.0 to 1.31.0.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1794=1
- SUSE Linux Enterprise Module for Containers 12:
zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1794=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (x86_64):
containerd-0.2.4+gitr565_0366d7e-9.1
containerd-debuginfo-0.2.4+gitr565_0366d7e-9.1
containerd-debugsource-0.2.4+gitr565_0366d7e-9.1
docker-1.12.3-81.2
docker-debuginfo-1.12.3-81.2
docker-debugsource-1.12.3-81.2
runc-0.1.1+gitr2816_02f8fa7-9.1
runc-debuginfo-0.1.1+gitr2816_02f8fa7-9.1
runc-debugsource-0.1.1+gitr2816_02f8fa7-9.1
- SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
containerd-0.2.4+gitr565_0366d7e-9.1
containerd-debuginfo-0.2.4+gitr565_0366d7e-9.1
containerd-debugsource-0.2.4+gitr565_0366d7e-9.1
docker-1.12.3-81.2
docker-debuginfo-1.12.3-81.2
docker-debugsource-1.12.3-81.2
ruby2.1-rubygem-docker-api-1.31.0-11.2
ruby2.1-rubygem-excon-0.52.0-9.1
runc-0.1.1+gitr2816_02f8fa7-9.1
runc-debuginfo-0.1.1+gitr2816_02f8fa7-9.1
runc-debugsource-0.1.1+gitr2816_02f8fa7-9.1
References:
https://www.suse.com/security/cve/CVE-2016-8867.html
https://bugzilla.suse.com/1004490
https://bugzilla.suse.com/1006368
https://bugzilla.suse.com/1007249
https://bugzilla.suse.com/1009961
https://bugzilla.suse.com/974208
https://bugzilla.suse.com/978260
https://bugzilla.suse.com/983015
https://bugzilla.suse.com/987198
https://bugzilla.suse.com/988408
https://bugzilla.suse.com/989566
https://bugzilla.suse.com/995058
https://bugzilla.suse.com/995102
https://bugzilla.suse.com/995620
https://bugzilla.suse.com/996015
https://bugzilla.suse.com/999582
More information about the sle-security-updates
mailing list