Security update for containerd, docker, runc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1966-1 Final 1 1 2017-01-31T12:13:00Z current 2017-01-31T12:13:00Z 2017-01-31T12:13:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for containerd, docker, runc This update for - containerd, - docker to version 1.12.6 and - runc fixes several issues. This security issues was fixed: - CVE-2016-9962: container escape vulnerability (bsc#1012568). Thsese non-security issues were fixed: - boo#1019251: Add a delay when starting docker service - Fixed bash-completion - boo#1015661: add the /usr/bin/docker-run symlink For additional details please see the changelog. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-07/msg00093.html E-Mail link for openSUSE-SU-2017:1966-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 containerd-0.2.5+gitr569_2a5e70c-8.1 containerd-ctr-0.2.5+gitr569_2a5e70c-8.1 containerd-test-0.2.5+gitr569_2a5e70c-8.1 docker-1.12.6-25.2 docker-bash-completion-1.12.6-25.2 docker-test-1.12.6-25.2 docker-zsh-completion-1.12.6-25.2 runc-0.1.1+gitr2819_50a19c6-8.1 runc-test-0.1.1+gitr2819_50a19c6-8.1 containerd-0.2.5+gitr569_2a5e70c-8.1 as a component of openSUSE Leap 42.1 containerd-ctr-0.2.5+gitr569_2a5e70c-8.1 as a component of openSUSE Leap 42.1 containerd-test-0.2.5+gitr569_2a5e70c-8.1 as a component of openSUSE Leap 42.1 docker-1.12.6-25.2 as a component of openSUSE Leap 42.1 docker-bash-completion-1.12.6-25.2 as a component of openSUSE Leap 42.1 docker-test-1.12.6-25.2 as a component of openSUSE Leap 42.1 docker-zsh-completion-1.12.6-25.2 as a component of openSUSE Leap 42.1 runc-0.1.1+gitr2819_50a19c6-8.1 as a component of openSUSE Leap 42.1 runc-test-0.1.1+gitr2819_50a19c6-8.1 as a component of openSUSE Leap 42.1 containerd-0.2.5+gitr569_2a5e70c-8.1 as a component of openSUSE Leap 42.2 containerd-ctr-0.2.5+gitr569_2a5e70c-8.1 as a component of openSUSE Leap 42.2 containerd-test-0.2.5+gitr569_2a5e70c-8.1 as a component of openSUSE Leap 42.2 docker-1.12.6-25.2 as a component of openSUSE Leap 42.2 docker-bash-completion-1.12.6-25.2 as a component of openSUSE Leap 42.2 docker-test-1.12.6-25.2 as a component of openSUSE Leap 42.2 docker-zsh-completion-1.12.6-25.2 as a component of openSUSE Leap 42.2 runc-0.1.1+gitr2819_50a19c6-8.1 as a component of openSUSE Leap 42.2 runc-test-0.1.1+gitr2819_50a19c6-8.1 as a component of openSUSE Leap 42.2 RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. CVE-2016-9962 openSUSE Leap 42.1:containerd-0.2.5+gitr569_2a5e70c-8.1 openSUSE Leap 42.1:containerd-ctr-0.2.5+gitr569_2a5e70c-8.1 openSUSE Leap 42.1:containerd-test-0.2.5+gitr569_2a5e70c-8.1 openSUSE Leap 42.1:docker-1.12.6-25.2 openSUSE Leap 42.1:docker-bash-completion-1.12.6-25.2 openSUSE Leap 42.1:docker-test-1.12.6-25.2 openSUSE Leap 42.1:docker-zsh-completion-1.12.6-25.2 openSUSE Leap 42.1:runc-0.1.1+gitr2819_50a19c6-8.1 openSUSE Leap 42.1:runc-test-0.1.1+gitr2819_50a19c6-8.1 openSUSE Leap 42.2:containerd-0.2.5+gitr569_2a5e70c-8.1 openSUSE Leap 42.2:containerd-ctr-0.2.5+gitr569_2a5e70c-8.1 openSUSE Leap 42.2:containerd-test-0.2.5+gitr569_2a5e70c-8.1 openSUSE Leap 42.2:docker-1.12.6-25.2 openSUSE Leap 42.2:docker-bash-completion-1.12.6-25.2 openSUSE Leap 42.2:docker-test-1.12.6-25.2 openSUSE Leap 42.2:docker-zsh-completion-1.12.6-25.2 openSUSE Leap 42.2:runc-0.1.1+gitr2819_50a19c6-8.1 openSUSE Leap 42.2:runc-test-0.1.1+gitr2819_50a19c6-8.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-07/msg00093.html https://www.suse.com/security/cve/CVE-2016-9962.html CVE-2016-9962 https://bugzilla.suse.com/1012568 SUSE Bug 1012568 https://bugzilla.suse.com/1173425 SUSE Bug 1173425