File _patchinfo of Package patchinfo.9796

<patchinfo incident="9796">
  <issue tracker="bnc" id="1114832">Running supportconfig on any node can take lots of resources, even fill the hard disk on big/long-running clusters</issue>
  <issue tracker="bnc" id="1118899">VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service</issue>
  <issue tracker="bnc" id="1118898">VUL-0: CVE-2018-16874: go: cmd/go: directory traversal</issue>
  <issue tracker="bnc" id="1118897">VUL-0: CVE-2018-16873: go: cmd/go: remote command execution</issue>
  <issue tracker="bnc" id="1001161">Docker: "--hostname" - set hostname and domainname separately</issue>
  <issue tracker="bnc" id="1124308">docker: update to 18.09.1</issue>
  <issue tracker="bnc" id="1121412">should disable to building kubic multibuilded subpackage on Leap</issue>
  <issue tracker="bnc" id="1112980">'ulimit: open files: cannot modify limit: Operation not permitted' when using cri-o</issue>
  <issue tracker="bnc" id="1121967">VUL-0: CVE-2019-5736: docker-runc: container breakout vulnerability</issue>
  <issue tracker="bnc" id="1051429">docker and runc failed to build with kernel 4.12 on ppc64le</issue>
  <issue tracker="bnc" id="1048046">docker binaries incorrectly built, contain TEXTRELS</issue>
  <issue tracker="cve" id="2018-16873"/>
  <issue tracker="cve" id="2019-5736"/>
  <issue tracker="cve" id="2018-16874"/>
  <issue tracker="cve" id="2018-16875"/>
  <category>security</category>
  <rating>important</rating>
  <packager>dorf</packager>
  <message>Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?</message>
  <description>This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:

Security issues fixed:

- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container
  breakout (bsc#1121967).

Other changes and bug fixes:

- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.
  See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Disable leap based builds for kubic flavor (bsc#1121412).
- Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).
- Update go requirements to &gt;= go1.10 
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc</summary>
</patchinfo>