Security update for containerd, docker, docker-runc, go, go1.10, golang-github-docker-libnetwork, golang-packaging

SUSE Recommended Update: Security update for containerd, docker, docker-runc, go, go1.10, golang-github-docker-libnetwork, golang-packaging
Announcement ID: SUSE-RU-2018:3960-1
Rating: moderate
References: #1047218 #1080978 #1086185 #1094680 #1095817 #1102522 #1104821 #1105000 #1108038 #1113313
Affected Products:
  • SUSE Linux Enterprise Module for Containers 12
  • OpenStack Cloud Magnum Orchestration 7

An update that has 10 recommended fixes can now be installed.

Description:


This security update for containerd, docker, docker-runc, go, go1.10, golang-github-docker-libnetwork, golang-packaging fixes several issues.
The following feature was added to the packages:
Enable seccomp support on SLE12, since libseccomp is now a new enough vintage to work with Docker and containerd (FATE#325877).
Non-security issues fixed:

  • trackerbug: packages do not build reproducibly from including build time (bsc#1047218)
  • caasp v2 to v3 upgrade fails (bsc#1080978)
  • Kubelet: reserve compute resources for system daemons (bsc#1086185)
  • Pod in terminating status (bsc#1094680)
  • containers packages fail randomly due to %check (bsc#1095817)
  • Docker v18.06-ce upgrade. (bsc#1102522)
  • Make cri-o default for kubernetes on Kubic (bsc#1104821)
  • harmonise docker and docker-kubic packaging (bsc#1105000)
  • docker hard-requires git-core (bsc#1108038)
  • Need SLE12 containers module docker update to 18.06.1-ce as soon as possible (bsc#1113313)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Containers 12:
    zypper in -t patch SUSE-SLE-Module-Containers-12-2018-2817=1
  • OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2817=1

Package List:

  • SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
    • containerd-1.1.2-16.11.1
    • docker-18.06.1_ce-98.21.1
    • docker-debuginfo-18.06.1_ce-98.21.1
    • docker-debugsource-18.06.1_ce-98.21.1
    • docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
    • docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
    • docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.6.1
    • golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
  • OpenStack Cloud Magnum Orchestration 7 (x86_64):
    • containerd-1.1.2-16.11.1
    • docker-18.06.1_ce-98.21.1
    • docker-debuginfo-18.06.1_ce-98.21.1
    • docker-debugsource-18.06.1_ce-98.21.1
    • docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
    • docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-13.1
    • docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-1.6.1
    • golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2664_3ac297bc7fd0-13.1

References: