Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:

Security issues fixed:

- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerability in the go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in the go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: runc now effectively copies /proc/self/exe during re-exec to avoid write attacks on the host runc binary, which could lead to a container breakout (bsc#1121967).

Other changes and bug fixes:

- Update shell completion to use Group: System/Shells.
- Add daemon.json file with log rotation configuration (bsc#1114832).
- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84.
  See upstream changelog in the packaged /usr/share/doc/packages/docker/
- Disable leap based builds for kubic flavor (bsc#1121412).
- Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.

This update was imported from the SUSE:SLE-12:Update update project.


Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?

Fixed bugs:

- Running supportconfig on any node can take lots of resources, even fill the hard disk on big/long-running clusters
- VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service
- VUL-0: CVE-2018-16874: go: cmd/go: directory traversal
- VUL-0: CVE-2018-16873: go: cmd/go: remote command execution
- Docker: "--hostname" - set hostname and domainname separately
- docker: update to 18.09.1
- should disable to building kubic multibuilded subpackage on Leap
- 'ulimit: open files: cannot modify limit: Operation not permitted' when using cri-o
- VUL-0: CVE-2019-5736: docker-runc: container breakout vulnerability
- docker and runc failed to build with kernel 4.12 on ppc64le
- docker binaries incorrectly built, contain TEXTRELS