SuSE Local Security Checks : openSUSE: Security Advisory for containerd (openSUSE-SU-2018:4306-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.852218

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for containerd (openSUSE-SU-2018:4306-1)

Resumen: The remote host is missing an update for the 'containerd'; package(s) announced via the openSUSE-SU-2018:4306-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'containerd'
package(s) announced via the openSUSE-SU-2018:4306-1 advisory.

Vulnerability Insight:
This update for containerd, docker and go fixes the following issues:

containerd and docker:

- Add backport for building containerd (bsc#1102522, bsc#1113313)

- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
(bsc#1102522)

- Enable seccomp support (fate#325877)

- Update to containerd v1.1.1, which is the required version for the
Docker v18.06.0-ce upgrade. (bsc#1102522)

- Put containerd under the podruntime slice (bsc#1086185)

- 3rd party registries used the default Docker certificate (bsc#1084533)

- Handle build breakage due to missing 'export GOPATH' (caused by
resolution of boo#1119634). I believe Docker is one of the only packages
with this problem.

go:

- golang: arbitrary command execution via VCS path (bsc#1081495,
CVE-2018-7187)

- Make profile.d/go.sh no longer set GOROOT=, in order to make switching
between versions no longer break. This ends up removing the need for
go.sh entirely (because GOPATH is also set automatically) (boo#1119634)

- Fix a regression that broke go get for import path patterns containing
'...' (bsc#1119706)

Additionally, the package go1.10 has been added.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1626=1

Affected Software/OS:
containerd, on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-7187
Debian Security Information: DSA-4379 (Google Search)
https://www.debian.org/security/2019/dsa-4379
Debian Security Information: DSA-4380 (Google Search)
https://www.debian.org/security/2019/dsa-4380
https://security.gentoo.org/glsa/201804-12
https://gist.github.com/SLAYEROWNER/b2a358f13ab267f2e9543bb9f9320ffc
https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.852218
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for containerd (openSUSE-SU-2018:4306-1)
Resumen:	The remote host is missing an update for the 'containerd'; package(s) announced via the openSUSE-SU-2018:4306-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'containerd' package(s) announced via the openSUSE-SU-2018:4306-1 advisory. Vulnerability Insight: This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1626=1 Affected Software/OS: containerd, on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7187 Debian Security Information: DSA-4379 (Google Search) https://www.debian.org/security/2019/dsa-4379 Debian Security Information: DSA-4380 (Google Search) https://www.debian.org/security/2019/dsa-4380 https://security.gentoo.org/glsa/201804-12 https://gist.github.com/SLAYEROWNER/b2a358f13ab267f2e9543bb9f9320ffc https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH