openSUSE-SU-2019:0189-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:0189-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:0189-1
Related
Published
2019-03-23T11:00:22Z
Modified
2019-03-23T11:00:22Z
Summary
Security update for docker
Details

This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:

Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:

  • CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897)
  • CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898)
  • CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

Non-security issues fixed for docker:

  • Disable leap based builds for kubic flavor (bsc#1121412)
  • Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)
  • Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)
  • Allow docker images larger then 23GB (bsc#1118990)
  • Docker version update to version 18.09.0-ce (bsc#1115464)

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages