Update for 00Meta, 389-ds, 389-ds.2045, Graphics... security important

Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:

Security issues fixed:

- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container
breakout (bsc#1121967).

Other changes and bug fixes:

- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Disable leap based builds for kubic flavor (bsc#1121412).
- Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.

This update was imported from the SUSE:SLE-12:Update update project.

Message

Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?

Fixed bugs
bnc#1114832
Running supportconfig on any node can take lots of resources, even fill the hard disk on big/long-running clusters
bnc#1118899
VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service
bnc#1118898
VUL-0: CVE-2018-16874: go: cmd/go: directory traversal
bnc#1118897
VUL-0: CVE-2018-16873: go: cmd/go: remote command execution
bnc#1001161
Docker: "--hostname" - set hostname and domainname separately
bnc#1124308
docker: update to 18.09.1
bnc#1121412
should disable to building kubic multibuilded subpackage on Leap
bnc#1112980
'ulimit: open files: cannot modify limit: Operation not permitted' when using cri-o
bnc#1121967
VUL-0: CVE-2019-5736: docker-runc: container breakout vulnerability
bnc#1051429
docker and runc failed to build with kernel 4.12 on ppc64le
bnc#1048046
docker binaries incorrectly built, contain TEXTRELS
Selected Binaries
openSUSE Build Service is sponsored by