openSUSE Build Service

Security update for containerd, docker and go

This update for containerd, docker and go fixes the following issues:

containerd and docker:

- Add backport for building containerd (bsc#1102522, bsc#1113313)
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
(bsc#1102522)
- Enable seccomp support (fate#325877)
- Update to containerd v1.1.1, which is the required version for the Docker
v18.06.0-ce upgrade. (bsc#1102522)
- Put containerd under the podruntime slice (bsc#1086185)
- 3rd party registries used the default Docker certificate (bsc#1084533)
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
boo#1119634). I believe Docker is one of the only packages with this problem.

go:

- golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
- Make profile.d/go.sh no longer set GOROOT=, in order to make switching
between versions no longer break. This ends up removing the need for go.sh
entirely (because GOPATH is also set automatically) (boo#1119634)
- Fix a regression that broke go get for import path patterns containing "..."
(bsc#1119706)

Additionally, the package go1.10 has been added.

This update was imported from the SUSE:SLE-15:Update update project.

Submitted by Aleksa Sarai (cyphar)

Message

Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?

Fixed bugs

bnc#1104821

Make cri-o default for kubernetes on Kubic

bnc#1118898

VUL-0: CVE-2018-16874: go: cmd/go: directory traversal

bnc#1108038

docker hard-requires git-core

bnc#1114209

go: provides(API) causes "have option" unresolveable builds

bnc#1118897

VUL-0: CVE-2018-16873: go: cmd/go: remote command execution

bnc#1118899

VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service

bnc#1105000

harmonise docker and docker-kubic packaging

bnc#1094680

Pod in terminating status

bnc#1080978

caasp v2 to v3 upgrade fails

bnc#1095817

containers packages fail randomly due to %check

bnc#1084533

3rd party registries used the default Docker certificate instead of the one specified for the registry

bnc#1113978

go 1.10 fails to build on ppc64le

bnc#1102522

Docker v18.06-ce upgrade.

bnc#1047218

trackerbug: packages do not build reproducibly from including build time

bnc#1098017

go1.10 fails to rebuild on Leap15 ppc64le

bnc#1113313

need SLE12 containers module docker update to 18.06.1-ce as soon as possible

bnc#1086185

Kubelet: reserve compute resources for system daemons

bnc#1074971

[TRACKERBUG] Enabling mirroring of private registries with docker

bnc#1081495

golang: arbitrary command execution via VCS path

go: multi-version installation is broken on version switch

bnc#1119706

go get broken for import path patterns containing "..."

Selected Binaries

_buildenv _statistics containerd containerd-ctr containerd-kubic containerd-kubic-ctr containerd-kubic-test containerd-test docker docker-bash-completion docker-debuginfo docker-debugsource docker-kubic docker-kubic-bash-completion docker-kubic-debuginfo docker-kubic-debugsource docker-kubic-test docker-kubic-test-debuginfo docker-kubic-zsh-completion docker-libnetwork docker-libnetwork-debuginfo docker-libnetwork-kubic docker-libnetwork-kubic-debuginfo docker-runc docker-runc-debuginfo docker-runc-kubic docker-runc-kubic-debuginfo docker-runc-kubic-test docker-runc-test docker-test docker-test-debuginfo docker-zsh-completion go go-doc go-race go1.10 go1.10-doc go1.10-race golang-github-docker-libnetwork golang-github-docker-libnetwork-kubic golang-packaging

Places

Message

Fixed bugs

Selected Binaries

Places