CVE-2019-5736 (GCVE-0-2019-5736)
Vulnerability from cvelistv5 – Published: 2019-02-11 00:00 – Updated: 2024-08-04 20:01
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Severity
No CVSS data available.
CWE
- n/a
References
66 references
Date Public
2019-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"name": "RHSA-2019:0408",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rancher/runc-cve"
},
{
"name": "RHSA-2019:0401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"name": "RHSA-2019:0303",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"name": "46359",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"name": "46369",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"name": "RHSA-2019:0304",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"name": "106976",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "FEDORA-2019-bc70b381ad",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"name": "FEDORA-2019-6174b47003",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"tags": [
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"name": "RHSA-2019:0975",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"tags": [
"x_transferred"
],
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "FEDORA-2019-2baa1f7b19",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"name": "FEDORA-2019-c1dac1b3b8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2245",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"name": "openSUSE-SU-2019:2286",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "GLSA-202003-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T12:06:25.591Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"name": "RHSA-2019:0408",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"url": "https://github.com/rancher/runc-cve"
},
{
"name": "RHSA-2019:0401",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"name": "RHSA-2019:0303",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"name": "46359",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"name": "46369",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"name": "RHSA-2019:0304",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"name": "106976",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "FEDORA-2019-bc70b381ad",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"name": "FEDORA-2019-6174b47003",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"name": "RHSA-2019:0975",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "FEDORA-2019-2baa1f7b19",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"name": "FEDORA-2019-c1dac1b3b8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2245",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"name": "openSUSE-SU-2019:2286",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "GLSA-202003-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5736",
"datePublished": "2019-02-11T00:00:00.000Z",
"dateReserved": "2019-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:52.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-5736",
"date": "2026-05-29",
"epss": "0.59178",
"percentile": "0.98265"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-5736\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-11T19:29:00.297\",\"lastModified\":\"2024-11-21T04:45:24.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.\"},{\"lang\":\"es\",\"value\":\"runc, hasta la versi\u00f3n 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, as\u00ed, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. 
Esto ocurre debido a la gesti\u00f3n incorrecta del descriptor de archivos; esto est\u00e1 relacionado con /proc/self/exe.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.09.2\",\"matchCriteriaId\":\"A367C4FA-18DF-402F-B120-254B35F73BD1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.1.1\",\"matchCriteriaId\":\"D522E8C1-E7F0-4A3D-AF68-6D962944A0E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"949172CC-EBB5-47F6-B9
87-207C802EED0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E580E25-F94C-4DA4-8718-15D5F1C3ADAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD565CE0-D9E9-4FD9-8998-8AC55030FAB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"093326B1-448C-4E3B-886D-CAC8B6813BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F672C421-789D-4F21-B483-DA3EB251BA1D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48FAFDE5-1E73-4874-8F2E-3C74B1955096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9955945-7509-4542-BF83-B7BA0B4D8D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52F7AE1-754D-4EE1-8EC1-7765292B4C2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55349BC5-90EC-4954-8CEB-3C37D34742C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"crite
ria\":\"cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2EB454-D0C9-47FC-B727-1D61A8811967\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.0\",\"matchCriteriaId\":\"1AF77BB2-6F7A-408A-9F54-60F1F53B3709\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41FF9E5A-7BD1-477E-9875-8525FD87B13F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.4.3\",\"matchCriteriaId\":\"CA0695E0-954A-4533-9D93-58257E9EA6D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndExcluding\":\"1.5.3\",\"matchCriteriaId\":\"B51B8DF0-FCE4-42A7-A582-0476226C6188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.2\",\"matchCriteriaId\":\"01878119-E05A-469B-B49D-5D19082CED28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndExcluding\":\"1.7.2\",\"matchCriteriaId\":\"1AB1BB7C-46A1-4676-9D15-D75EC1E4594C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:
*\",\"matchCriteriaId\":\"D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0-1.13.3\",\"matchCriteriaId\":\"632B24FA-F2D6-42B0-87C7-7F142E15EFC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:d2iq:dc\\\\/os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.10\",\"matchCriteriaId\":\"0AD20FA7-737F-47C0-B2AC-735438253AA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:d2iq:dc\\\\/os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.10.11\",\"versionEndExcluding\":\"1.11.9\",\"matchCriteriaId\":\"5E5AE03E-3AC4-4439-9D0D-45E097B2552C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:d2iq:dc\\\\/os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.10\",\"versionEndExcluding\":\"1.12.1\",\"matchCriteriaId\":\"E2F3078E-08E0-4C76-A7A3-A93B953BEDD5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:
ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DCFB2E7-D769-4365-9B99-952907563749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3909E337-F1FC-45C8-A120-EEBDBFB0E4D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D6CB3-E159-40F4-8E5B-CDDDD824CAA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82C0FD9D-6117-40DE-9386-7327867F9615\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing 
List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/03/23/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/24/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/29/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/31/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/02/01/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/02/02/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/106976\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0303\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0304\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0401\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0408\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2019-5736\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/runcescape\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2019-002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://brauner.github.io/2019/02/12/privileged-containers.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1121967\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Frichetten/CVE-2019-5736-PoC\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/docker/docker-ce/releases/tag/v18.09.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/q3k/cve-2019-5736-poc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rancher/runc-cve\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/\",\"source\":\"cve
@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202003-21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190307-0008/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4048-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46359/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/46369/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2019/02/11/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/03/23/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/06/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/24/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/29/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/31/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/02/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/02/02/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/106976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB 
Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2019-5736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/runcescape\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2019-002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party 
Advisory\"]},{\"url\":\"https://brauner.github.io/2019/02/12/privileged-containers.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1121967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Frichetten/CVE-2019-5736-PoC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/docker/docker-ce/releases/tag/v18.09.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/q3k/cve-2019-5736-poc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rancher/runc-cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announ
ce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190307-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4048-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46359/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/46369/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2019/02/11/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2019:0252-1
Vulnerability from csaf_opensuse - Published: 2019-03-23 11:05 - Updated: 2019-03-23 11:05
Summary
Security update for docker-runc
Severity
Important
Notes
Title of the patch: Security update for docker-runc
Description of the patch: This update for docker-runc fixes the following issues:
Security issue fixed:
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-252
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-runc fixes the following issues:\n\t \nSecurity issue fixed:\n\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid\n write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-252",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0252-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0252-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AI7D322XZTMFQDYTMYTY3DCVO2XVUVKB/#AI7D322XZTMFQDYTMYTY3DCVO2XVUVKB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0252-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AI7D322XZTMFQDYTMYTY3DCVO2XVUVKB/#AI7D322XZTMFQDYTMYTY3DCVO2XVUVKB"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for docker-runc",
"tracking": {
"current_release_date": "2019-03-23T11:05:12Z",
"generator": {
"date": "2019-03-23T11:05:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0252-1",
"initial_release_date": "2019-03-23T11:05:12Z",
"revision_history": [
{
"date": "2019-03-23T11:05:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch",
"product_id": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:05:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
OPENSUSE-SU-2019:0295-1
Vulnerability from csaf_opensuse - Published: 2019-03-23 11:11 - Updated: 2019-03-23 11:11
Summary
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Description of the patch: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:
- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).
Other changes and fixes:
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84.
  See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-295
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch | — | | Vendor Fix |
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch | — | | Vendor Fix |
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:\n\nSecurity issues fixed: \n\n- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).\n- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).\n- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967).\n\nOther changes and fixes: \n\n- Update shell completion to use Group: System/Shells.\n- Add daemon.json file with rotation logs configuration (bsc#1114832)\n- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.\n See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n- Update go requirements to \u003e= go1.10 \n- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).\n- Remove the usage of \u0027cp -r\u0027 to reduce noise in the build logs.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-295",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0295-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0295-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBFTSNKGB464HWO65FTEXANGAGVXV4XW/#UBFTSNKGB464HWO65FTEXANGAGVXV4XW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0295-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBFTSNKGB464HWO65FTEXANGAGVXV4XW/#UBFTSNKGB464HWO65FTEXANGAGVXV4XW"
},
{
"category": "self",
"summary": "SUSE Bug 1048046",
"url": "https://bugzilla.suse.com/1048046"
},
{
"category": "self",
"summary": "SUSE Bug 1051429",
"url": "https://bugzilla.suse.com/1051429"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1124308",
"url": "https://bugzilla.suse.com/1124308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"tracking": {
"current_release_date": "2019-03-23T11:11:59Z",
"generator": {
"date": "2019-03-23T11:11:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0295-1",
"initial_release_date": "2019-03-23T11:11:59Z",
"revision_history": [
{
"date": "2019-03-23T11:11:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.2.2-lp150.4.10.1.noarch",
"product": {
"name": "containerd-test-1.2.2-lp150.4.10.1.noarch",
"product_id": "containerd-test-1.2.2-lp150.4.10.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product_id": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product_id": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch",
"product": {
"name": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch",
"product_id": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-lp150.4.10.1.x86_64",
"product": {
"name": "containerd-1.2.2-lp150.4.10.1.x86_64",
"product_id": "containerd-1.2.2-lp150.4.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"product_id": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-lp150.5.13.1.x86_64",
"product": {
"name": "docker-18.09.1_ce-lp150.5.13.1.x86_64",
"product_id": "docker-18.09.1_ce-lp150.5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"product": {
"name": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"product_id": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"product": {
"name": "runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"product_id": "runc-1.0.0~rc6-lp150.2.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-lp150.4.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64"
},
"product_reference": "containerd-1.2.2-lp150.4.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.2.2-lp150.4.10.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch"
},
"product_reference": "containerd-test-1.2.2-lp150.4.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-lp150.5.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64"
},
"product_reference": "docker-18.09.1_ce-lp150.5.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64"
},
"product_reference": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch"
},
"product_reference": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-lp150.2.7.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64"
},
"product_reference": "runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
},
"product_reference": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
OPENSUSE-SU-2019:1227-1
Vulnerability from csaf_opensuse - Published: 2019-04-17 14:27 - Updated: 2019-04-17 14:27
Summary
Security update for lxc, lxcfs
Severity
Important
Notes
Title of the patch: Security update for lxc, lxcfs
Description of the patch: This update for lxc, lxcfs to version 3.1.0 fixes the following issues:
Security issues fixed:
- CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).
- CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).
Non-security issues fixed:
- Update to LXC 3.1.0. The changelog is far too long to include here, please
look at https://linuxcontainers.org/. (boo#1131762)
Patchnames: openSUSE-2019-1227
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for lxc, lxcfs",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for lxc, lxcfs to version 3.1.0 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).\n- CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).\n\nNon-security issues fixed:\n\n- Update to LXC 3.1.0. The changelog is far too long to include here, please\n look at https://linuxcontainers.org/. (boo#1131762)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1227-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1227-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P7UGXMWDCAJUCRFVZRWEYVPQASYUPVO4/#P7UGXMWDCAJUCRFVZRWEYVPQASYUPVO4"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1227-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P7UGXMWDCAJUCRFVZRWEYVPQASYUPVO4/#P7UGXMWDCAJUCRFVZRWEYVPQASYUPVO4"
},
{
"category": "self",
"summary": "SUSE Bug 1122185",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "self",
"summary": "SUSE Bug 1131762",
"url": "https://bugzilla.suse.com/1131762"
},
{
"category": "self",
"summary": "SUSE Bug 988348",
"url": "https://bugzilla.suse.com/988348"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6556 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for lxc, lxcfs",
"tracking": {
"current_release_date": "2019-04-17T14:27:35Z",
"generator": {
"date": "2019-04-17T14:27:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1227-1",
"initial_release_date": "2019-04-17T14:27:35Z",
"revision_history": [
{
"date": "2019-04-17T14:27:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"product": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"product_id": "liblxc-devel-3.1.0-bp150.5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "liblxc1-3.1.0-bp150.5.3.1.aarch64",
"product": {
"name": "liblxc1-3.1.0-bp150.5.3.1.aarch64",
"product_id": "liblxc1-3.1.0-bp150.5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lxc-3.1.0-bp150.5.3.1.aarch64",
"product": {
"name": "lxc-3.1.0-bp150.5.3.1.aarch64",
"product_id": "lxc-3.1.0-bp150.5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lxcfs-3.0.3-bp150.3.3.1.aarch64",
"product": {
"name": "lxcfs-3.0.3-bp150.3.3.1.aarch64",
"product_id": "lxcfs-3.0.3-bp150.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"product": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"product_id": "pam_cgfs-3.1.0-bp150.5.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"product": {
"name": "lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"product_id": "lxc-bash-completion-3.1.0-bp150.5.3.1.noarch"
}
},
{
"category": "product_version",
"name": "lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"product": {
"name": "lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"product_id": "lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"product": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"product_id": "liblxc-devel-3.1.0-bp150.5.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"product": {
"name": "liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"product_id": "liblxc1-3.1.0-bp150.5.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lxc-3.1.0-bp150.5.3.1.ppc64le",
"product": {
"name": "lxc-3.1.0-bp150.5.3.1.ppc64le",
"product_id": "lxc-3.1.0-bp150.5.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"product": {
"name": "lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"product_id": "lxcfs-3.0.3-bp150.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"product": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"product_id": "pam_cgfs-3.1.0-bp150.5.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"product": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"product_id": "liblxc-devel-3.1.0-bp150.5.3.1.s390x"
}
},
{
"category": "product_version",
"name": "liblxc1-3.1.0-bp150.5.3.1.s390x",
"product": {
"name": "liblxc1-3.1.0-bp150.5.3.1.s390x",
"product_id": "liblxc1-3.1.0-bp150.5.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lxc-3.1.0-bp150.5.3.1.s390x",
"product": {
"name": "lxc-3.1.0-bp150.5.3.1.s390x",
"product_id": "lxc-3.1.0-bp150.5.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lxcfs-3.0.3-bp150.3.3.1.s390x",
"product": {
"name": "lxcfs-3.0.3-bp150.3.3.1.s390x",
"product_id": "lxcfs-3.0.3-bp150.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"product": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"product_id": "pam_cgfs-3.1.0-bp150.5.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"product": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"product_id": "liblxc-devel-3.1.0-bp150.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "liblxc1-3.1.0-bp150.5.3.1.x86_64",
"product": {
"name": "liblxc1-3.1.0-bp150.5.3.1.x86_64",
"product_id": "liblxc1-3.1.0-bp150.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lxc-3.1.0-bp150.5.3.1.x86_64",
"product": {
"name": "lxc-3.1.0-bp150.5.3.1.x86_64",
"product_id": "lxc-3.1.0-bp150.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lxcfs-3.0.3-bp150.3.3.1.x86_64",
"product": {
"name": "lxcfs-3.0.3-bp150.3.3.1.x86_64",
"product_id": "lxcfs-3.0.3-bp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.1.0-bp150.5.3.1.x86_64",
"product": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.x86_64",
"product_id": "pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64"
},
"product_reference": "liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le"
},
"product_reference": "liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x"
},
"product_reference": "liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.1.0-bp150.5.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64"
},
"product_reference": "liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.1.0-bp150.5.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64"
},
"product_reference": "liblxc1-3.1.0-bp150.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.1.0-bp150.5.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le"
},
"product_reference": "liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.1.0-bp150.5.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x"
},
"product_reference": "liblxc1-3.1.0-bp150.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.1.0-bp150.5.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64"
},
"product_reference": "liblxc1-3.1.0-bp150.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.1.0-bp150.5.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64"
},
"product_reference": "lxc-3.1.0-bp150.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.1.0-bp150.5.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le"
},
"product_reference": "lxc-3.1.0-bp150.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.1.0-bp150.5.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x"
},
"product_reference": "lxc-3.1.0-bp150.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.1.0-bp150.5.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64"
},
"product_reference": "lxc-3.1.0-bp150.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-bash-completion-3.1.0-bp150.5.3.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch"
},
"product_reference": "lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-3.0.3-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64"
},
"product_reference": "lxcfs-3.0.3-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-3.0.3-bp150.3.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le"
},
"product_reference": "lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-3.0.3-bp150.3.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x"
},
"product_reference": "lxcfs-3.0.3-bp150.3.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-3.0.3-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64"
},
"product_reference": "lxcfs-3.0.3-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch"
},
"product_reference": "lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64"
},
"product_reference": "pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le"
},
"product_reference": "pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x"
},
"product_reference": "pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.1.0-bp150.5.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
},
"product_reference": "pam_cgfs-3.1.0-bp150.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-6556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6556"
}
],
"notes": [
{
"category": "general",
"text": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6556",
"url": "https://www.suse.com/security/cve/CVE-2018-6556"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2018-6556",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1206779 for CVE-2018-6556",
"url": "https://bugzilla.suse.com/1206779"
},
{
"category": "external",
"summary": "SUSE Bug 988348 for CVE-2018-6556",
"url": "https://bugzilla.suse.com/988348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T14:27:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-6556"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc-devel-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:liblxc1-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:lxc-3.1.0-bp150.5.3.1.x86_64",
"SUSE Package Hub 15:lxc-bash-completion-3.1.0-bp150.5.3.1.noarch",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.ppc64le",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.s390x",
"SUSE Package Hub 15:lxcfs-3.0.3-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:lxcfs-hooks-lxc-3.0.3-bp150.3.3.1.noarch",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.aarch64",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.ppc64le",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.s390x",
"SUSE Package Hub 15:pam_cgfs-3.1.0-bp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-17T14:27:35Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
OPENSUSE-SU-2019:1275-1
Vulnerability from csaf_opensuse - Published: 2019-04-25 13:56 - Updated: 2019-04-25 13:56
Summary
Security update for lxc, lxcfs
Severity
Important
Notes
Title of the patch: Security update for lxc, lxcfs
Description of the patch: This update for lxc, lxcfs to version 3.1.0 fixes the following issues:
Security issues fixed:
- CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).
- CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).
Non-security issues fixed:
- Update to LXC 3.1.0. The changelog is far too long to include here, please
look at https://linuxcontainers.org/. (boo#1131762)
Patchnames: openSUSE-2019-1275
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for lxc, lxcfs",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for lxc, lxcfs to version 3.1.0 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).\n- CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).\n\nNon-security issues fixed:\n\n- Update to LXC 3.1.0. The changelog is far too long to include here, please\n look at https://linuxcontainers.org/. (boo#1131762)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1275",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1275-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1275-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BJSZ5D42JWJHGJ7ILFBWQ7TUHJTZDYJB/#BJSZ5D42JWJHGJ7ILFBWQ7TUHJTZDYJB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1275-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BJSZ5D42JWJHGJ7ILFBWQ7TUHJTZDYJB/#BJSZ5D42JWJHGJ7ILFBWQ7TUHJTZDYJB"
},
{
"category": "self",
"summary": "SUSE Bug 1122185",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "self",
"summary": "SUSE Bug 1131762",
"url": "https://bugzilla.suse.com/1131762"
},
{
"category": "self",
"summary": "SUSE Bug 988348",
"url": "https://bugzilla.suse.com/988348"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6556 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for lxc, lxcfs",
"tracking": {
"current_release_date": "2019-04-25T13:56:14Z",
"generator": {
"date": "2019-04-25T13:56:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1275-1",
"initial_release_date": "2019-04-25T13:56:14Z",
"revision_history": [
{
"date": "2019-04-25T13:56:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"product": {
"name": "lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"product_id": "lxc-bash-completion-3.1.0-lp150.2.10.1.noarch"
}
},
{
"category": "product_version",
"name": "lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"product": {
"name": "lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"product_id": "lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"product": {
"name": "liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"product_id": "liblxc-devel-3.1.0-lp150.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "liblxc1-3.1.0-lp150.2.10.1.x86_64",
"product": {
"name": "liblxc1-3.1.0-lp150.2.10.1.x86_64",
"product_id": "liblxc1-3.1.0-lp150.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "lxc-3.1.0-lp150.2.10.1.x86_64",
"product": {
"name": "lxc-3.1.0-lp150.2.10.1.x86_64",
"product_id": "lxc-3.1.0-lp150.2.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "lxcfs-3.0.3-lp150.2.3.1.x86_64",
"product": {
"name": "lxcfs-3.0.3-lp150.2.3.1.x86_64",
"product_id": "lxcfs-3.0.3-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.1.0-lp150.2.10.1.x86_64",
"product": {
"name": "pam_cgfs-3.1.0-lp150.2.10.1.x86_64",
"product_id": "pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.1.0-lp150.2.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64"
},
"product_reference": "liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.1.0-lp150.2.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64"
},
"product_reference": "liblxc1-3.1.0-lp150.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.1.0-lp150.2.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64"
},
"product_reference": "lxc-3.1.0-lp150.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-bash-completion-3.1.0-lp150.2.10.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch"
},
"product_reference": "lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-3.0.3-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64"
},
"product_reference": "lxcfs-3.0.3-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch"
},
"product_reference": "lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.1.0-lp150.2.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
},
"product_reference": "pam_cgfs-3.1.0-lp150.2.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-6556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6556"
}
],
"notes": [
{
"category": "general",
"text": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6556",
"url": "https://www.suse.com/security/cve/CVE-2018-6556"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2018-6556",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1206779 for CVE-2018-6556",
"url": "https://bugzilla.suse.com/1206779"
},
{
"category": "external",
"summary": "SUSE Bug 988348 for CVE-2018-6556",
"url": "https://bugzilla.suse.com/988348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-25T13:56:14Z",
"details": "moderate"
}
],
"title": "CVE-2018-6556"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:liblxc-devel-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:liblxc1-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-3.1.0-lp150.2.10.1.x86_64",
"openSUSE Leap 15.0:lxc-bash-completion-3.1.0-lp150.2.10.1.noarch",
"openSUSE Leap 15.0:lxcfs-3.0.3-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:lxcfs-hooks-lxc-3.0.3-lp150.2.3.1.noarch",
"openSUSE Leap 15.0:pam_cgfs-3.1.0-lp150.2.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-25T13:56:14Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
OPENSUSE-SU-2019:1444-1
Vulnerability from csaf_opensuse - Published: 2019-05-27 05:09 - Updated: 2019-05-27 05:09
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1444
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 | — | Vendor Fix | |
Threats
Impact
low
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1444",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1444-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1444-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB/#CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1444-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB/#CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-05-27T05:09:20Z",
"generator": {
"date": "2019-05-27T05:09:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1444-1",
"initial_release_date": "2019-05-27T05:09:20Z",
"revision_history": [
{
"date": "2019-05-27T05:09:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-lp151.2.3.1.i586",
"product": {
"name": "go-1.12-lp151.2.3.1.i586",
"product_id": "go-1.12-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp151.2.3.1.i586",
"product": {
"name": "go-doc-1.12-lp151.2.3.1.i586",
"product_id": "go-doc-1.12-lp151.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.2.5-lp151.2.3.1.noarch",
"product": {
"name": "containerd-test-1.2.5-lp151.2.3.1.noarch",
"product_id": "containerd-test-1.2.5-lp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-lp151.2.3.1.x86_64",
"product": {
"name": "containerd-1.2.5-lp151.2.3.1.x86_64",
"product_id": "containerd-1.2.5-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"product_id": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-lp151.2.3.1.x86_64",
"product": {
"name": "docker-18.09.6_ce-lp151.2.3.1.x86_64",
"product_id": "docker-18.09.6_ce-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"product_id": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-lp151.2.3.1.x86_64",
"product": {
"name": "go-1.12-lp151.2.3.1.x86_64",
"product_id": "go-1.12-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp151.2.3.1.x86_64",
"product": {
"name": "go-doc-1.12-lp151.2.3.1.x86_64",
"product_id": "go-doc-1.12-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-lp151.2.3.1.x86_64",
"product": {
"name": "go-race-1.12-lp151.2.3.1.x86_64",
"product_id": "go-race-1.12-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-lp151.2.3.1.x86_64",
"product": {
"name": "go1.11-1.11.9-lp151.2.3.1.x86_64",
"product_id": "go1.11-1.11.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"product_id": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"product": {
"name": "go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"product_id": "go1.11-race-1.11.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-lp151.2.3.1.x86_64",
"product": {
"name": "go1.12-1.12.4-lp151.2.3.1.x86_64",
"product_id": "go1.12-1.12.4-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"product_id": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"product": {
"name": "go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"product_id": "go1.12-race-1.12.4-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64"
},
"product_reference": "containerd-1.2.5-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.2.5-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch"
},
"product_reference": "containerd-test-1.2.5-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64"
},
"product_reference": "docker-18.09.6_ce-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64"
},
"product_reference": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch"
},
"product_reference": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586"
},
"product_reference": "go-1.12-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64"
},
"product_reference": "go-1.12-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586"
},
"product_reference": "go-doc-1.12-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64"
},
"product_reference": "go-doc-1.12-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.12-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64"
},
"product_reference": "go-race-1.12-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64"
},
"product_reference": "go1.11-1.11.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64"
},
"product_reference": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64"
},
"product_reference": "go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.4-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64"
},
"product_reference": "go1.12-1.12.4-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.4-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64"
},
"product_reference": "go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
OPENSUSE-SU-2019:1499-1
Vulnerability from csaf_opensuse - Published: 2019-06-03 08:21 - Updated: 2019-06-03 08:21
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1499
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 | — | | Vendor Fix |
Threats
Impact
low
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1499",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1499-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1499-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3/#IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1499-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3/#IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-06-03T08:21:16Z",
"generator": {
"date": "2019-06-03T08:21:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1499-1",
"initial_release_date": "2019-06-03T08:21:16Z",
"revision_history": [
{
"date": "2019-06-03T08:21:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-lp150.2.11.1.i586",
"product": {
"name": "go-1.12-lp150.2.11.1.i586",
"product_id": "go-1.12-lp150.2.11.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp150.2.11.1.i586",
"product": {
"name": "go-doc-1.12-lp150.2.11.1.i586",
"product_id": "go-doc-1.12-lp150.2.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.2.5-lp150.4.14.3.noarch",
"product": {
"name": "containerd-test-1.2.5-lp150.4.14.3.noarch",
"product_id": "containerd-test-1.2.5-lp150.4.14.3.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-lp150.4.14.3.x86_64",
"product": {
"name": "containerd-1.2.5-lp150.4.14.3.x86_64",
"product_id": "containerd-1.2.5-lp150.4.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"product_id": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-lp150.5.17.2.x86_64",
"product": {
"name": "docker-18.09.6_ce-lp150.5.17.2.x86_64",
"product_id": "docker-18.09.6_ce-lp150.5.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"product_id": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-lp150.2.11.1.x86_64",
"product": {
"name": "go-1.12-lp150.2.11.1.x86_64",
"product_id": "go-1.12-lp150.2.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp150.2.11.1.x86_64",
"product": {
"name": "go-doc-1.12-lp150.2.11.1.x86_64",
"product_id": "go-doc-1.12-lp150.2.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-lp150.2.11.1.x86_64",
"product": {
"name": "go-race-1.12-lp150.2.11.1.x86_64",
"product_id": "go-race-1.12-lp150.2.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-lp150.9.3.x86_64",
"product": {
"name": "go1.11-1.11.9-lp150.9.3.x86_64",
"product_id": "go1.11-1.11.9-lp150.9.3.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-lp150.9.3.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-lp150.9.3.x86_64",
"product_id": "go1.11-doc-1.11.9-lp150.9.3.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-lp150.9.3.x86_64",
"product": {
"name": "go1.11-race-1.11.9-lp150.9.3.x86_64",
"product_id": "go1.11-race-1.11.9-lp150.9.3.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-lp150.2.2.x86_64",
"product": {
"name": "go1.12-1.12.4-lp150.2.2.x86_64",
"product_id": "go1.12-1.12.4-lp150.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-lp150.2.2.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-lp150.2.2.x86_64",
"product_id": "go1.12-doc-1.12.4-lp150.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-lp150.2.2.x86_64",
"product": {
"name": "go1.12-race-1.12.4-lp150.2.2.x86_64",
"product_id": "go1.12-race-1.12.4-lp150.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-lp150.4.14.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64"
},
"product_reference": "containerd-1.2.5-lp150.4.14.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64"
},
"product_reference": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.2.5-lp150.4.14.3.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch"
},
"product_reference": "containerd-test-1.2.5-lp150.4.14.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-lp150.5.17.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64"
},
"product_reference": "docker-18.09.6_ce-lp150.5.17.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch"
},
"product_reference": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64"
},
"product_reference": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch"
},
"product_reference": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp150.2.11.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586"
},
"product_reference": "go-1.12-lp150.2.11.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp150.2.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64"
},
"product_reference": "go-1.12-lp150.2.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp150.2.11.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586"
},
"product_reference": "go-doc-1.12-lp150.2.11.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp150.2.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64"
},
"product_reference": "go-doc-1.12-lp150.2.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.12-lp150.2.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64"
},
"product_reference": "go-race-1.12-lp150.2.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.9-lp150.9.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64"
},
"product_reference": "go1.11-1.11.9-lp150.9.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.9-lp150.9.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64"
},
"product_reference": "go1.11-doc-1.11.9-lp150.9.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.9-lp150.9.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64"
},
"product_reference": "go1.11-race-1.11.9-lp150.9.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.4-lp150.2.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64"
},
"product_reference": "go1.12-1.12.4-lp150.2.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.4-lp150.2.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64"
},
"product_reference": "go1.12-doc-1.12.4-lp150.2.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.4-lp150.2.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64"
},
"product_reference": "go1.12-race-1.12.4-lp150.2.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
OPENSUSE-SU-2019:1506-1
Vulnerability from csaf_opensuse - Published: 2019-06-03 11:22 - Updated: 2019-06-03 11:22
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
This update was imported from the SUSE:SLE-15:Update update project.
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2019-1506
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
low
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1506",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1506-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1506-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HM6FFITESF23XEYSCI7KTKZVCPQU2CMO/#HM6FFITESF23XEYSCI7KTKZVCPQU2CMO"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1506-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HM6FFITESF23XEYSCI7KTKZVCPQU2CMO/#HM6FFITESF23XEYSCI7KTKZVCPQU2CMO"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-06-03T11:22:06Z",
"generator": {
"date": "2019-06-03T11:22:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1506-1",
"initial_release_date": "2019-06-03T11:22:06Z",
"revision_history": [
{
"date": "2019-06-03T11:22:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.aarch64",
"product": {
"name": "go-1.12-bp150.2.6.1.aarch64",
"product_id": "go-1.12-bp150.2.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.aarch64",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.aarch64",
"product_id": "go-doc-1.12-bp150.2.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.ppc64le",
"product": {
"name": "go-1.12-bp150.2.6.1.ppc64le",
"product_id": "go-1.12-bp150.2.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.ppc64le",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.ppc64le",
"product_id": "go-doc-1.12-bp150.2.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.s390x",
"product": {
"name": "go-1.12-bp150.2.6.1.s390x",
"product_id": "go-1.12-bp150.2.6.1.s390x"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.s390x",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.s390x",
"product_id": "go-doc-1.12-bp150.2.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.x86_64",
"product": {
"name": "go-1.12-bp150.2.6.1.x86_64",
"product_id": "go-1.12-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.x86_64",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.x86_64",
"product_id": "go-doc-1.12-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-bp150.2.6.1.x86_64",
"product": {
"name": "go-race-1.12-bp150.2.6.1.x86_64",
"product_id": "go-race-1.12-bp150.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64"
},
"product_reference": "go-1.12-bp150.2.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le"
},
"product_reference": "go-1.12-bp150.2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x"
},
"product_reference": "go-1.12-bp150.2.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64"
},
"product_reference": "go-1.12-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.12-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
},
"product_reference": "go-race-1.12-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
OPENSUSE-SU-2019:2021-1
Vulnerability from csaf_opensuse - Published: 2019-08-29 16:21 - Updated: 2019-08-29 16:21
Summary
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Severity
Important
Notes
Title of the patch: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Description of the patch: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Docker:
- CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409).
- CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160).
- Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649).
runc:
- Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920).
- Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).
containerd:
- CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967).
- Update to containerd v1.2.6, which is required by docker (bsc#1139649).
golang-github-docker-libnetwork:
- Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2021
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:\n\nDocker:\n\n- CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409).\n- CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160).\n- Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649).\n\nrunc:\n\n- Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920).\n- Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).\n\ncontainerd:\n\n- CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967).\n- Update to containerd v1.2.6, which is required by docker (bsc#1139649).\n\ngolang-github-docker-libnetwork:\n\n- Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2021",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2021-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2021-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK/#22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2021-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK/#22XH5BZGCHAOESP2KM3ZT4XHBXIVMEZK"
},
{
"category": "self",
"summary": "SUSE Bug 1100331",
"url": "https://bugzilla.suse.com/1100331"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1138920",
"url": "https://bugzilla.suse.com/1138920"
},
{
"category": "self",
"summary": "SUSE Bug 1139649",
"url": "https://bugzilla.suse.com/1139649"
},
{
"category": "self",
"summary": "SUSE Bug 1142160",
"url": "https://bugzilla.suse.com/1142160"
},
{
"category": "self",
"summary": "SUSE Bug 1142413",
"url": "https://bugzilla.suse.com/1142413"
},
{
"category": "self",
"summary": "SUSE Bug 1143409",
"url": "https://bugzilla.suse.com/1143409"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13509 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14271 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-08-29T16:21:56Z",
"generator": {
"date": "2019-08-29T16:21:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2021-1",
"initial_release_date": "2019-08-29T16:21:56Z",
"revision_history": [
{
"date": "2019-08-29T16:21:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product": {
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product_id": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product": {
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"product_id": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.6-lp151.2.6.1.x86_64",
"product": {
"name": "containerd-1.2.6-lp151.2.6.1.x86_64",
"product_id": "containerd-1.2.6-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"product_id": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"product": {
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"product_id": "docker-19.03.1_ce-lp151.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"product_id": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"product": {
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"product_id": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64"
},
"product_reference": "docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch"
},
"product_reference": "docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10892"
}
],
"notes": [
{
"category": "general",
"text": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host\u0027s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10892",
"url": "https://www.suse.com/security/cve/CVE-2018-10892"
},
{
"category": "external",
"summary": "SUSE Bug 1100331 for CVE-2018-10892",
"url": "https://bugzilla.suse.com/1100331"
},
{
"category": "external",
"summary": "SUSE Bug 1100838 for CVE-2018-10892",
"url": "https://bugzilla.suse.com/1100838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-10892"
},
{
"cve": "CVE-2019-13509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13509"
}
],
"notes": [
{
"category": "general",
"text": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13509",
"url": "https://www.suse.com/security/cve/CVE-2019-13509"
},
{
"category": "external",
"summary": "SUSE Bug 1142160 for CVE-2019-13509",
"url": "https://bugzilla.suse.com/1142160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-13509"
},
{
"cve": "CVE-2019-14271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14271"
}
],
"notes": [
{
"category": "general",
"text": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14271",
"url": "https://www.suse.com/security/cve/CVE-2019-14271"
},
{
"category": "external",
"summary": "SUSE Bug 1143409 for CVE-2019-14271",
"url": "https://bugzilla.suse.com/1143409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "important"
}
],
"title": "CVE-2019-14271"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.6-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp151.3.6.1.x86_64",
"openSUSE Leap 15.1:docker-test-19.03.1_ce-lp151.2.12.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-19.03.1_ce-lp151.2.12.1.noarch",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2800_fc5a7d91d54c-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-29T16:21:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
OPENSUSE-SU-2019:2245-1
Vulnerability from csaf_opensuse - Published: 2019-10-03 10:23 - Updated: 2019-10-03 10:23
Summary
Security update for lxc
Severity
Moderate
Notes
Title of the patch: Security update for lxc
Description of the patch: This update for lxc fixes the following issues:
Update to lxc 3.2.1.
The changelog can be found at
https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322
+ seccomp: support syscall forwarding to userspace
+ add lxc.seccomp.allow_nesting
+ pidfd: Add initial support for the new pidfd api
* Many hardening improvements.
* Use /sys/kernel/cgroup/delegate file for cgroup v2.
* Fix CVE-2019-5736 equivalent bug.
- fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762)
Patchnames: openSUSE-2019-2245
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:liblxc-devel-3.2.1-lp151.4.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:liblxc1-3.2.1-lp151.4.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:lxc-3.2.1-lp151.4.5.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:lxc-bash-completion-3.2.1-lp151.4.5.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:pam_cgfs-3.2.1-lp151.4.5.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for lxc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for lxc fixes the following issues:\n\nUpdate to lxc 3.2.1.\nThe changelog can be found at\n\n https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322\n\n+ seccomp: support syscall forwarding to userspace\n+ add lxc.seccomp.allow_nesting\n+ pidfd: Add initial support for the new pidfd api\n* Many hardening improvements.\n* Use /sys/kernel/cgroup/delegate file for cgroup v2.\n* Fix CVE-2019-5736 equivalent bug.\n\n- fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762)",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2245",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2245-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZEKPXAULRUSJYU4B66UDTT35NKPZHFT6/#ZEKPXAULRUSJYU4B66UDTT35NKPZHFT6"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZEKPXAULRUSJYU4B66UDTT35NKPZHFT6/#ZEKPXAULRUSJYU4B66UDTT35NKPZHFT6"
},
{
"category": "self",
"summary": "SUSE Bug 1131762",
"url": "https://bugzilla.suse.com/1131762"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for lxc",
"tracking": {
"current_release_date": "2019-10-03T10:23:09Z",
"generator": {
"date": "2019-10-03T10:23:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2245-1",
"initial_release_date": "2019-10-03T10:23:09Z",
"revision_history": [
{
"date": "2019-10-03T10:23:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "lxc-bash-completion-3.2.1-lp151.4.5.1.noarch",
"product": {
"name": "lxc-bash-completion-3.2.1-lp151.4.5.1.noarch",
"product_id": "lxc-bash-completion-3.2.1-lp151.4.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.2.1-lp151.4.5.1.x86_64",
"product": {
"name": "liblxc-devel-3.2.1-lp151.4.5.1.x86_64",
"product_id": "liblxc-devel-3.2.1-lp151.4.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "liblxc1-3.2.1-lp151.4.5.1.x86_64",
"product": {
"name": "liblxc1-3.2.1-lp151.4.5.1.x86_64",
"product_id": "liblxc1-3.2.1-lp151.4.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "lxc-3.2.1-lp151.4.5.1.x86_64",
"product": {
"name": "lxc-3.2.1-lp151.4.5.1.x86_64",
"product_id": "lxc-3.2.1-lp151.4.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.2.1-lp151.4.5.1.x86_64",
"product": {
"name": "pam_cgfs-3.2.1-lp151.4.5.1.x86_64",
"product_id": "pam_cgfs-3.2.1-lp151.4.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.2.1-lp151.4.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:liblxc-devel-3.2.1-lp151.4.5.1.x86_64"
},
"product_reference": "liblxc-devel-3.2.1-lp151.4.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.2.1-lp151.4.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:liblxc1-3.2.1-lp151.4.5.1.x86_64"
},
"product_reference": "liblxc1-3.2.1-lp151.4.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.2.1-lp151.4.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:lxc-3.2.1-lp151.4.5.1.x86_64"
},
"product_reference": "lxc-3.2.1-lp151.4.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-bash-completion-3.2.1-lp151.4.5.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:lxc-bash-completion-3.2.1-lp151.4.5.1.noarch"
},
"product_reference": "lxc-bash-completion-3.2.1-lp151.4.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.2.1-lp151.4.5.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:pam_cgfs-3.2.1-lp151.4.5.1.x86_64"
},
"product_reference": "pam_cgfs-3.2.1-lp151.4.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:liblxc-devel-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:liblxc1-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:lxc-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:lxc-bash-completion-3.2.1-lp151.4.5.1.noarch",
"openSUSE Leap 15.1:pam_cgfs-3.2.1-lp151.4.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:liblxc-devel-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:liblxc1-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:lxc-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:lxc-bash-completion-3.2.1-lp151.4.5.1.noarch",
"openSUSE Leap 15.1:pam_cgfs-3.2.1-lp151.4.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:liblxc-devel-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:liblxc1-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:lxc-3.2.1-lp151.4.5.1.x86_64",
"openSUSE Leap 15.1:lxc-bash-completion-3.2.1-lp151.4.5.1.noarch",
"openSUSE Leap 15.1:pam_cgfs-3.2.1-lp151.4.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-03T10:23:09Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
OPENSUSE-SU-2019:2286-1
Vulnerability from csaf_opensuse - Published: 2019-10-07 15:30 - Updated: 2019-10-07 15:30
Summary
Security update for lxc
Severity
Moderate
Notes
Title of the patch: Security update for lxc
Description of the patch: This update for lxc fixes the following issues:
Update to lxc 3.2.1.
The changelog can be found at
https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322
+ seccomp: support syscall forwarding to userspace
+ add lxc.seccomp.allow_nesting
+ pidfd: Add initial support for the new pidfd api
* Many hardening improvements.
* Use /sys/kernel/cgroup/delegate file for cgroup v2.
* Fix CVE-2019-5736 equivalent bug.
- fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762)
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames: openSUSE-2019-2286
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:lxc-bash-completion-3.2.1-bp151.5.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for lxc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for lxc fixes the following issues:\n\nUpdate to lxc 3.2.1.\nThe changelog can be found at\n\n https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322\n\n+ seccomp: support syscall forwarding to userspace\n+ add lxc.seccomp.allow_nesting\n+ pidfd: Add initial support for the new pidfd api\n* Many hardening improvements.\n* Use /sys/kernel/cgroup/delegate file for cgroup v2.\n* Fix CVE-2019-5736 equivalent bug.\n\n- fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762)\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2286",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2286-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2286-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VMNKFT3TORLGIZACMW6N6GUJJYTXUZZU/#VMNKFT3TORLGIZACMW6N6GUJJYTXUZZU"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2286-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VMNKFT3TORLGIZACMW6N6GUJJYTXUZZU/#VMNKFT3TORLGIZACMW6N6GUJJYTXUZZU"
},
{
"category": "self",
"summary": "SUSE Bug 1131762",
"url": "https://bugzilla.suse.com/1131762"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for lxc",
"tracking": {
"current_release_date": "2019-10-07T15:30:53Z",
"generator": {
"date": "2019-10-07T15:30:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2286-1",
"initial_release_date": "2019-10-07T15:30:53Z",
"revision_history": [
{
"date": "2019-10-07T15:30:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.2.1-bp151.5.3.1.aarch64",
"product": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.aarch64",
"product_id": "liblxc-devel-3.2.1-bp151.5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "liblxc1-3.2.1-bp151.5.3.1.aarch64",
"product": {
"name": "liblxc1-3.2.1-bp151.5.3.1.aarch64",
"product_id": "liblxc1-3.2.1-bp151.5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "lxc-3.2.1-bp151.5.3.1.aarch64",
"product": {
"name": "lxc-3.2.1-bp151.5.3.1.aarch64",
"product_id": "lxc-3.2.1-bp151.5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.2.1-bp151.5.3.1.aarch64",
"product": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.aarch64",
"product_id": "pam_cgfs-3.2.1-bp151.5.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "lxc-bash-completion-3.2.1-bp151.5.3.1.noarch",
"product": {
"name": "lxc-bash-completion-3.2.1-bp151.5.3.1.noarch",
"product_id": "lxc-bash-completion-3.2.1-bp151.5.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.2.1-bp151.5.3.1.ppc64le",
"product": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.ppc64le",
"product_id": "liblxc-devel-3.2.1-bp151.5.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "liblxc1-3.2.1-bp151.5.3.1.ppc64le",
"product": {
"name": "liblxc1-3.2.1-bp151.5.3.1.ppc64le",
"product_id": "liblxc1-3.2.1-bp151.5.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lxc-3.2.1-bp151.5.3.1.ppc64le",
"product": {
"name": "lxc-3.2.1-bp151.5.3.1.ppc64le",
"product_id": "lxc-3.2.1-bp151.5.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.2.1-bp151.5.3.1.ppc64le",
"product": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.ppc64le",
"product_id": "pam_cgfs-3.2.1-bp151.5.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.2.1-bp151.5.3.1.s390x",
"product": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.s390x",
"product_id": "liblxc-devel-3.2.1-bp151.5.3.1.s390x"
}
},
{
"category": "product_version",
"name": "liblxc1-3.2.1-bp151.5.3.1.s390x",
"product": {
"name": "liblxc1-3.2.1-bp151.5.3.1.s390x",
"product_id": "liblxc1-3.2.1-bp151.5.3.1.s390x"
}
},
{
"category": "product_version",
"name": "lxc-3.2.1-bp151.5.3.1.s390x",
"product": {
"name": "lxc-3.2.1-bp151.5.3.1.s390x",
"product_id": "lxc-3.2.1-bp151.5.3.1.s390x"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.2.1-bp151.5.3.1.s390x",
"product": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.s390x",
"product_id": "pam_cgfs-3.2.1-bp151.5.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "liblxc-devel-3.2.1-bp151.5.3.1.x86_64",
"product": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.x86_64",
"product_id": "liblxc-devel-3.2.1-bp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "liblxc1-3.2.1-bp151.5.3.1.x86_64",
"product": {
"name": "liblxc1-3.2.1-bp151.5.3.1.x86_64",
"product_id": "liblxc1-3.2.1-bp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "lxc-3.2.1-bp151.5.3.1.x86_64",
"product": {
"name": "lxc-3.2.1-bp151.5.3.1.x86_64",
"product_id": "lxc-3.2.1-bp151.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam_cgfs-3.2.1-bp151.5.3.1.x86_64",
"product": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.x86_64",
"product_id": "pam_cgfs-3.2.1-bp151.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.aarch64"
},
"product_reference": "liblxc-devel-3.2.1-bp151.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.ppc64le"
},
"product_reference": "liblxc-devel-3.2.1-bp151.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.s390x"
},
"product_reference": "liblxc-devel-3.2.1-bp151.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc-devel-3.2.1-bp151.5.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.x86_64"
},
"product_reference": "liblxc-devel-3.2.1-bp151.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.2.1-bp151.5.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.aarch64"
},
"product_reference": "liblxc1-3.2.1-bp151.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.2.1-bp151.5.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.ppc64le"
},
"product_reference": "liblxc1-3.2.1-bp151.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.2.1-bp151.5.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.s390x"
},
"product_reference": "liblxc1-3.2.1-bp151.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "liblxc1-3.2.1-bp151.5.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.x86_64"
},
"product_reference": "liblxc1-3.2.1-bp151.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.2.1-bp151.5.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.aarch64"
},
"product_reference": "lxc-3.2.1-bp151.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.2.1-bp151.5.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.ppc64le"
},
"product_reference": "lxc-3.2.1-bp151.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.2.1-bp151.5.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.s390x"
},
"product_reference": "lxc-3.2.1-bp151.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-3.2.1-bp151.5.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.x86_64"
},
"product_reference": "lxc-3.2.1-bp151.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lxc-bash-completion-3.2.1-bp151.5.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:lxc-bash-completion-3.2.1-bp151.5.3.1.noarch"
},
"product_reference": "lxc-bash-completion-3.2.1-bp151.5.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.aarch64"
},
"product_reference": "pam_cgfs-3.2.1-bp151.5.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.ppc64le"
},
"product_reference": "pam_cgfs-3.2.1-bp151.5.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.s390x"
},
"product_reference": "pam_cgfs-3.2.1-bp151.5.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam_cgfs-3.2.1-bp151.5.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.x86_64"
},
"product_reference": "pam_cgfs-3.2.1-bp151.5.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:lxc-bash-completion-3.2.1-bp151.5.3.1.noarch",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:lxc-bash-completion-3.2.1-bp151.5.3.1.noarch",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:liblxc-devel-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:liblxc1-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:lxc-3.2.1-bp151.5.3.1.x86_64",
"SUSE Package Hub 15 SP1:lxc-bash-completion-3.2.1-bp151.5.3.1.noarch",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.aarch64",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.ppc64le",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.s390x",
"SUSE Package Hub 15 SP1:pam_cgfs-3.2.1-bp151.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-07T15:30:53Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.