SUSE-RU-2017:1965-1

Source
https://www.suse.com/support/update/announcement/2017/suse-ru-20171965-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2017:1965-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-RU-2017:1965-1
Published
2017-07-12T13:49:18Z
Modified
2017-07-12T13:49:18Z
Summary
Recommended update for Docker, RunC, Containerd
Details

This update for Containerd, Docker and RunC provides several fixes and enhancements.

Containerd:

  • Update containerd to the version needed for docker-v17.04.0-ce. (bsc#1034053)
  • Fix spurious messages filling journal. (bsc#1032769)
  • Set TasksMax=infinity to make sure runC doesn't start failing randomly.

Docker:

  • Update to version 17.04.0-ce. (bsc#1034053)
  • Fix execids leaks due to bad error handling. (bsc#1037436)
  • Make AppArmor's pkg/aaparser work on read-only root. (bsc#1037607)
  • Improve Docker's systemd configuration. (bsc#1032287)
  • Check if the docker binary is available before attempting to use it. (bsc#1038476)
  • Build man pages for all architectures. (bsc#953182)
  • Fix DNS resolution when Docker host uses 127.0.0.1 as resolver. (bsc#1034063)
  • Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't understand.
  • Update SUSE secrets patch to handle bsc#1030702.
  • Change lvm2 from Requires to Recommends: Docker usually uses a default storage driver when one is not configured explicitly. This default driver depends on the underlying system and is chosen during installation. (bsc#1032644)
  • Disable libseccomp for Leap 42.1, SLE 12 and 12-SP1, because Docker needs a higher version. Otherwise, we get the error 'conditional filtering requires libseccomp version >= 2.2.1'. (bsc#1028639, bsc#1028638)
  • Add a backport of the fix for the AppArmor lazy loading docker-exec case.
  • Fix systemd TasksMax default which could throttle docker. (bsc#1026827)
  • Enable pkcs11.

For a comprehensive list of changes please refer to /usr/share/doc/packages/docker/CHANGELOG.md

RunC:

  • Update version to the one required by docker-17.04.0-ce. (bsc#1034053)
  • Make sure to ignore cgroup v2 mountpoints. (bsc#1028113)

Affected packages

SUSE:OpenStack Cloud 6 / containerd

Package

Name
containerd
Purl
purl:rpm/suse/containerd&distro=SUSE%20OpenStack%20Cloud%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.5+gitr639_422e31c-20.2

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:OpenStack Cloud 6 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20OpenStack%20Cloud%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.04.0_ce-98.2

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:OpenStack Cloud 6 / golang-github-docker-libnetwork

Package

Name
golang-github-docker-libnetwork
Purl
purl:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20OpenStack%20Cloud%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.0.0+git20170119.7b2b1fe-4.1

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:OpenStack Cloud 6 / runc

Package

Name
runc
Purl
purl:rpm/suse/runc&distro=SUSE%20OpenStack%20Cloud%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.1.1+gitr2947_9c2d8d1-20.3

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 12 / containerd

Package

Name
containerd
Purl
purl:rpm/suse/containerd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.5+gitr639_422e31c-20.2

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-distribution-registry": "2.6.1-15.2",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 12 / docker

Package

Name
docker
Purl
purl:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.04.0_ce-98.2

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-distribution-registry": "2.6.1-15.2",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 12 / docker-distribution

Package

Name
docker-distribution
Purl
purl:rpm/suse/docker-distribution&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6.1-15.2

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-distribution-registry": "2.6.1-15.2",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 12 / golang-github-docker-libnetwork

Package

Name
golang-github-docker-libnetwork
Purl
purl:rpm/suse/golang-github-docker-libnetwork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.0.0+git20170119.7b2b1fe-4.1

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-distribution-registry": "2.6.1-15.2",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Containers 12 / runc

Package

Name
runc
Purl
purl:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.1.1+gitr2947_9c2d8d1-20.3

Ecosystem specific

{
    "binaries": [
        {
            "runc": "0.1.1+gitr2947_9c2d8d1-20.3",
            "docker-distribution-registry": "2.6.1-15.2",
            "docker-libnetwork": "0.0.0+git20170119.7b2b1fe-4.1",
            "containerd": "0.2.5+gitr639_422e31c-20.2",
            "docker": "17.04.0_ce-98.2"
        }
    ]
}