Security update for containerd, docker, docker-runc, go, go1.10, golang-github-docker-libnetwork, golang-packaging

Announcement ID:	SUSE-RU-2018:3960-1
Rating:	moderate
References:	bsc#1047218 bsc#1080978 bsc#1086185 bsc#1094680 bsc#1095817 bsc#1102522 bsc#1104821 bsc#1105000 bsc#1108038 bsc#1113313
Affected Products:	Containers Module 12 Magnum Orchestration 7 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has 10 fixes can now be installed.

Description:

This security update for containerd, docker, docker-runc, go, go1.10, golang-github-docker-libnetwork, golang-packaging fixes several issues.

The following feature was added to the packages:

Enable seccomp support on SLE12, since libseccomp is now a new enough vintage to work with Docker and containerd (FATE#325877).

Non-security issues fixed:

• trackerbug: packages do not build reproducibly from including build time (bsc#1047218)
• caasp v2 to v3 upgrade fails (bsc#1080978)
• Kubelet: reserve compute resources for system daemons (bsc#1086185)
• Pod in terminating status (bsc#1094680)
• containers packages fail randomly due to %check (bsc#1095817)
• Docker v18.06-ce upgrade. (bsc#1102522)
• Make cri-o default for kubernetes on Kubic (bsc#1104821)
• harmonise docker and docker-kubic packaging (bsc#1105000)
• docker hard-requires git-core (bsc#1108038)
• Need SLE12 containers module docker update to 18.06.1-ce as soon as possible (bsc#1113313)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Magnum Orchestration 7
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2817=1
• Containers Module 12
  zypper in -t patch SUSE-SLE-Module-Containers-12-2018-2817=1

Package List:

• Magnum Orchestration 7 (x86_64)
  • docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
  • docker-debugsource-18.06.1_ce-98.21.1
  • docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
  • docker-debuginfo-18.06.1_ce-98.21.1
  • containerd-1.1.2-16.11.1
  • docker-18.06.1_ce-98.21.1
  • docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.6.1
  • golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
• Containers Module 12 (ppc64le s390x x86_64)
  • docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
  • docker-debugsource-18.06.1_ce-98.21.1
  • docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
  • docker-debuginfo-18.06.1_ce-98.21.1
  • containerd-1.1.2-16.11.1
  • docker-18.06.1_ce-98.21.1
  • docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.6.1
  • golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2664_3ac297bc7fd0-13.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1047218
• https://bugzilla.suse.com/show_bug.cgi?id=1080978
• https://bugzilla.suse.com/show_bug.cgi?id=1086185
• https://bugzilla.suse.com/show_bug.cgi?id=1094680
• https://bugzilla.suse.com/show_bug.cgi?id=1095817
• https://bugzilla.suse.com/show_bug.cgi?id=1102522
• https://bugzilla.suse.com/show_bug.cgi?id=1104821
• https://bugzilla.suse.com/show_bug.cgi?id=1105000
• https://bugzilla.suse.com/show_bug.cgi?id=1108038
• https://bugzilla.suse.com/show_bug.cgi?id=1113313