Security update for SLES 12-SP1 Docker image

SUSE Security Update: Security update for SLES 12-SP1 Docker image
Announcement ID: SUSE-SU-2017:2700-1
Rating: important
References: #1056193 #975726
Affected Products:
  • SUSE Linux Enterprise Module for Containers 12

An update that fixes 143 vulnerabilities is now available.

    Description:

    The SUSE Linux Enterprise Server 12 SP1 container image has been updated
    to include security and stability fixes.

    The following issues related to building the container images have been
    fixed:

    - Included krb5 package to avoid the inclusion of krb5-mini which gets
    selected as a dependency by the Build Service solver. (bsc#1056193)
    - Do not install recommended packages when building container images.
    (bsc#975726)

    A number of security issues that have already been fixed by updates
    released for SUSE Linux Enterprise Server 12 SP1 are now included in the
    base image. A package/CVE cross-reference is available below.

    pam:

    - CVE-2015-3238

    libtasn1:

    - CVE-2015-3622
    - CVE-2016-4008

    expat:

    - CVE-2012-6702
    - CVE-2015-1283
    - CVE-2016-0718
    - CVE-2016-5300
    - CVE-2016-9063
    - CVE-2017-9233

    libidn:

    - CVE-2015-2059
    - CVE-2015-8948
    - CVE-2016-6261
    - CVE-2016-6262
    - CVE-2016-6263


    zlib:

    - CVE-2016-9840
    - CVE-2016-9841
    - CVE-2016-9842
    - CVE-2016-9843

    curl:

    - CVE-2016-5419
    - CVE-2016-5420
    - CVE-2016-5421
    - CVE-2016-7141
    - CVE-2016-7167
    - CVE-2016-8615
    - CVE-2016-8616
    - CVE-2016-8617
    - CVE-2016-8618
    - CVE-2016-8619
    - CVE-2016-8620
    - CVE-2016-8621
    - CVE-2016-8622
    - CVE-2016-8623
    - CVE-2016-8624
    - CVE-2016-9586
    - CVE-2017-1000100
    - CVE-2017-1000101
    - CVE-2017-7407

    openssl:

    - CVE-2016-2105
    - CVE-2016-2106
    - CVE-2016-2107
    - CVE-2016-2108
    - CVE-2016-2109
    - CVE-2016-2177
    - CVE-2016-2178
    - CVE-2016-2179
    - CVE-2016-2180
    - CVE-2016-2181
    - CVE-2016-2182
    - CVE-2016-2183
    - CVE-2016-6302
    - CVE-2016-6303
    - CVE-2016-6304
    - CVE-2016-6306
    - CVE-2016-7056
    - CVE-2016-8610
    - CVE-2017-3731

    cracklib:

    - CVE-2016-6318

    pcre:

    - CVE-2014-8964
    - CVE-2015-2325
    - CVE-2015-2327
    - CVE-2015-2328
    - CVE-2015-3210
    - CVE-2015-3217
    - CVE-2015-5073
    - CVE-2015-8380
    - CVE-2015-8381
    - CVE-2015-8382
    - CVE-2015-8383
    - CVE-2015-8384
    - CVE-2015-8385
    - CVE-2015-8386
    - CVE-2015-8387
    - CVE-2015-8388
    - CVE-2015-8389
    - CVE-2015-8390
    - CVE-2015-8391
    - CVE-2015-8392
    - CVE-2015-8393
    - CVE-2015-8394
    - CVE-2015-8395
    - CVE-2016-1283
    - CVE-2016-3191

    apparmor:

    - CVE-2017-6507

    bash:

    - CVE-2014-6277
    - CVE-2014-6278
    - CVE-2016-0634
    - CVE-2016-7543

    cpio:

    - CVE-2016-2037

    glibc:

    - CVE-2016-1234
    - CVE-2016-3075
    - CVE-2016-3706
    - CVE-2016-4429
    - CVE-2017-1000366

    perl:

    - CVE-2015-8853
    - CVE-2016-1238
    - CVE-2016-2381
    - CVE-2016-6185

    libssh2_org:

    - CVE-2016-0787

    util-linux:

    - CVE-2016-5011
    - CVE-2017-2616

    ncurses:

    - CVE-2017-10684
    - CVE-2017-10685
    - CVE-2017-11112
    - CVE-2017-11113

    libksba:

    - CVE-2016-4574
    - CVE-2016-4579

    libxml2:

    - CVE-2014-0191
    - CVE-2015-8806
    - CVE-2016-1762
    - CVE-2016-1833
    - CVE-2016-1834
    - CVE-2016-1835
    - CVE-2016-1837
    - CVE-2016-1838
    - CVE-2016-1839
    - CVE-2016-1840
    - CVE-2016-2073
    - CVE-2016-3627
    - CVE-2016-3705
    - CVE-2016-4447
    - CVE-2016-4448
    - CVE-2016-4449
    - CVE-2016-4483
    - CVE-2016-4658
    - CVE-2016-9318
    - CVE-2016-9597
    - CVE-2017-9047
    - CVE-2017-9048
    - CVE-2017-9049
    - CVE-2017-9050

    libgcrypt:

    - CVE-2015-7511
    - CVE-2016-6313
    - CVE-2017-7526

    update-alternatives:

    - CVE-2015-0860

    systemd:

    - CVE-2014-9770
    - CVE-2015-8842
    - CVE-2016-7796

    dbus-1:

    - CVE-2014-7824
    - CVE-2015-0245

    Finally, the following packages received non-security fixes:

    - augeas
    - bzip2
    - ca-certificates-mozilla
    - coreutils
    - cryptsetup
    - cyrus-sasl
    - dirmngr
    - e2fsprogs
    - findutils
    - gpg2
    - insserv-compat
    - kmod
    - libcap
    - libsolv
    - libzypp
    - lua51
    - lvm2
    - netcfg
    - p11-kit
    - permissions
    - procps
    - rpm
    - sed
    - sg3_utils
    - shadow
    - zypper

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1673=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
      • sles12sp1-docker-image-1.0.7-20171002

    References: