Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for containerd (openSUSE-SU-2019:0295-1)
Summary:The remote host is missing an update for the 'containerd'; package(s) announced via the openSUSE-SU-2019:0295-1 advisory.
The remote host is missing an update for the 'containerd'
package(s) announced via the openSUSE-SU-2019:0295-1 advisory.

Vulnerability Insight:
This update for containerd, docker, docker-runc,
golang-github-docker-libnetwork, runc fixes the following issues:

Security issues fixed:

- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).

- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow
directory traversal in GOPATH mode (bsc#1118898).

- CVE-2018-16873: Fixed a vulnerability in go get command which could
allow remote code execution when executed with -u in GOPATH mode

- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to
avoid write attacks to the host runc binary, which could lead to a
container breakout (bsc#1121967).

Other changes and fixes:

- Update shell completion to use Group: System/Shells.

- Add daemon.json file with rotation logs configuration (bsc#1114832)

- Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84.
See upstream changelog in the packaged

- Update go requirements to = go1.10

- Use -buildmode=pie for tests and binary build (bsc#1048046 and

- Remove the usage of 'cp -r' to reduce noise in the build logs.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-295=1

Affected Software/OS:
containerd, on openSUSE Leap 15.0.

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-5736
BugTraq ID: 106976
Cisco Security Advisory:
RedHat Security Advisories: RHSA-2019:0303
RedHat Security Advisories: RHSA-2019:0304
RedHat Security Advisories: RHSA-2019:0401
RedHat Security Advisories: RHSA-2019:0408
RedHat Security Advisories: RHSA-2019:0975
SuSE Security Announcement: openSUSE-SU-2019:1079 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1227 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1275 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1444 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1481 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1499 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1506 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:2021 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:2245 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:2286 (Google Search)
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.