Bug 1118897 - (CVE-2018-16873) VUL-0: CVE-2018-16873: go: cmd/go: remote command execution
(CVE-2018-16873)
VUL-0: CVE-2018-16873: go: cmd/go: remote command execution
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Flavio Castelli
Security Team bot
https://smash.suse.de/issue/220524/
CVSSv2:NVD:CVE-2018-16874:6.8:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-12-10 07:34 UTC by Marcus Meissner
Modified: 2022-12-08 10:37 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Marcus Meissner 2018-12-13 09:27:48 UTC
new 
CRD: 2018-12-13 20:00UTC

In the original email, I said that the security release for Go was planned
for next week and the tentative public disclosure time was Wednesday,
December 12 at approximately 8 pm UTC.

The release is still in progress, but we are moving it to Thursday,
December 13 at approximately 8 pm UTC. You can see an updated
pre-announcement at
https://groups.google.com/d/msg/golang-announce/D4sE5tGvhe8/sVJSIEtFCAAJ.

I will send a follow-up email when the release is complete and the embargo
on the details of the security descriptions is lifted.

Thank you,
Dmitri on behalf of the Go team
Comment 4 Johannes Segitz 2018-12-14 07:18:35 UTC
public: https://github.com/golang/go/issues/29230
Comment 6 Swamp Workflow Management 2018-12-14 11:40:20 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/658012 Factory / go1.10
https://build.opensuse.org/request/show/658013 Factory / go1.11
https://build.opensuse.org/request/show/658014 Factory / go
Comment 7 Swamp Workflow Management 2018-12-15 08:41:18 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/658307 Factory / go1.10
https://build.opensuse.org/request/show/658308 Factory / go1.11
Comment 8 Swamp Workflow Management 2018-12-17 03:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/658807 Factory / go1.10
https://build.opensuse.org/request/show/658808 Factory / go1.11
Comment 10 Swamp Workflow Management 2018-12-17 13:40:15 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/658900 Factory / go1.10
Comment 11 Swamp Workflow Management 2018-12-17 15:42:47 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/658934 15.0+42.3 / go1.11
Comment 14 Swamp Workflow Management 2018-12-19 11:09:27 UTC
openSUSE-SU-2018:4181-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1098017,1113978,1118897,1118898,1118899,1119634,1119706
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
openSUSE Leap 42.3 (src):    go1.11-1.11.4-2.1
openSUSE Leap 15.0 (src):    go1.11-1.11.4-lp150.2.1
Comment 15 Swamp Workflow Management 2018-12-21 17:09:58 UTC
SUSE-SU-2018:4218-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1118897,1118898,1118899
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
SUSE CaaS Platform 3.0 (src):    caasp-cli-3.0.0+20180515.git_r38_7843d12-3.3.1, cni-plugins-0.6.0-4.3.1, container-feeder-3.0.0+20181105.git_r90_c54fd18-3.9.1, containerd-kubic-0.2.9+gitr706_06b9cb351610-5.3.1, cri-o-1.10.6-4.11.1, cri-tools-1.0.0beta2-3.6.1, docker-kubic-17.09.1_ce-7.3.1, docker-runc-kubic-1.0.0rc4+gitr3338_3f2f8b84a77f-5.3.1, etcd-3.3.1-3.3.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2066_7b2b1feb1de4-3.3.1, helm-2.8.2-3.3.1, kubernetes-1.10.11-4.11.1, libcontainers-storage-0+git26204-3.3.1, podman-0.8.5-3.6.1, runc-1.0.0~rc5-3.3.1
Comment 16 Swamp Workflow Management 2018-12-22 23:09:21 UTC
openSUSE-SU-2018:4255-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1082409,1098017,1113978,1118897,1118898,1118899,1119634,1119706
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
openSUSE Leap 42.3 (src):    go1.10-1.10.7-5.1
Comment 17 Swamp Workflow Management 2018-12-28 23:14:22 UTC
SUSE-SU-2018:4297-1: An update that solves four vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    containerd-1.1.2-5.3.4, docker-18.06.1_ce-6.8.2, docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4, go-1.10.4-3.6.2, go1.10-1.10.7-1.5.3, golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5, golang-packaging-15.0.11-3.3.2
SUSE Linux Enterprise Module for Containers 15 (src):    containerd-1.1.2-5.3.4, docker-18.06.1_ce-6.8.2, docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4, golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5
Comment 18 Swamp Workflow Management 2018-12-29 14:16:36 UTC
openSUSE-SU-2018:4306-1: An update that solves four vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187
Sources used:
openSUSE Leap 15.0 (src):    containerd-1.1.2-lp150.4.3.1, containerd-kubic-1.1.2-lp150.4.3.1, docker-18.06.1_ce-lp150.5.6.1, docker-kubic-18.06.1_ce-lp150.5.6.1, docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1, docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1, go-1.10.4-lp150.2.7.1, go1.10-1.10.7-lp150.2.1, golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1, golang-packaging-15.0.11-lp150.2.3.1
Comment 21 Swamp Workflow Management 2019-01-09 20:13:12 UTC
SUSE-SU-2019:0048-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1116182,1118897,1118898,1118899,1120762
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
SUSE Linux Enterprise Module for Containers 15 (src):    helm-mirror-0.2.1-1.7.1
Comment 23 Flavio Castelli 2019-01-30 14:46:55 UTC
The fixes have been pushed out.
Comment 26 Swamp Workflow Management 2019-02-07 17:10:14 UTC
SUSE-SU-2019:0286-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    containerd-1.1.2-5.6.1, docker-18.09.0_ce-6.11.2, docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1, golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1
SUSE Linux Enterprise Module for Containers 15 (src):    containerd-1.1.2-5.6.1, docker-18.09.0_ce-6.11.2, docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1, golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1
Comment 27 Swamp Workflow Management 2019-02-12 11:10:43 UTC
SUSE-SU-2019:0330-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1095184,1118897,1121850
CVE References: CVE-2018-16873,CVE-2018-16886
Sources used:
SUSE CaaS Platform 3.0 (src):    etcd-3.3.11-3.6.1
Comment 28 Swamp Workflow Management 2019-02-12 15:10:11 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/674127 Backports:SLE-15 / runc
https://build.opensuse.org/request/show/674128 15.0 / runc
Comment 29 Swamp Workflow Management 2019-02-13 20:09:25 UTC
openSUSE-SU-2019:0170-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1095817,1118897,1118898,1118899,1121967
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Sources used:
openSUSE Backports SLE-15 (src):    runc-1.0.0~rc6-bp150.2.3.1
Comment 30 Swamp Workflow Management 2019-02-16 11:11:34 UTC
openSUSE-SU-2019:0189-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
openSUSE Leap 15.0 (src):    containerd-1.1.2-lp150.4.6.1, docker-18.09.0_ce-lp150.5.9.1, docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1, golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1
Comment 32 Swamp Workflow Management 2019-02-19 14:14:27 UTC
openSUSE-SU-2019:0208-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1095817,1118897,1118898,1118899,1121967
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Sources used:
openSUSE Leap 15.0 (src):    runc-1.0.0~rc6-lp150.2.3.1
Comment 36 Swamp Workflow Management 2019-02-26 20:11:26 UTC
SUSE-SU-2019:0495-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    containerd-1.2.2-5.9.1, docker-18.09.1_ce-6.14.1, docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1, golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1
SUSE Linux Enterprise Module for Containers 15 (src):    containerd-1.2.2-5.9.1, docker-18.09.1_ce-6.14.1, docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1, golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1
Comment 37 Swamp Workflow Management 2019-02-27 11:01:28 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/679777 Factory / go1.11
Comment 38 Swamp Workflow Management 2019-03-06 20:11:24 UTC
openSUSE-SU-2019:0295-1: An update that solves four vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Sources used:
openSUSE Leap 15.0 (src):    containerd-1.2.2-lp150.4.10.1, docker-18.09.1_ce-lp150.5.13.1, docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1, golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1, runc-1.0.0~rc6-lp150.2.7.1
Comment 39 Swamp Workflow Management 2019-03-08 17:10:11 UTC
SUSE-SU-2019:0573-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1001161,1048046,1051429,1112980,1114832,1118897,1118898,1118899,1121412,1121967,1124308
CVE References: CVE-2016-9962,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Sources used:
SUSE OpenStack Cloud 6-LTSS (src):    containerd-1.2.2-16.14.2, docker-18.09.1_ce-98.34.2, docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2, golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.2.2-16.14.2, docker-18.09.1_ce-98.34.2, docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2, golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2
Comment 40 Swamp Workflow Management 2019-03-25 11:11:09 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/688187 Factory / go1.12
Comment 44 Swamp Workflow Management 2019-03-29 23:21:26 UTC
openSUSE-SU-2019:1079-1: An update that solves four vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1001161,1048046,1051429,1112980,1114832,1118897,1118898,1118899,1121412,1121967,1124308
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736
Sources used:
openSUSE Leap 42.3 (src):    containerd-1.2.2-22.1, containerd-kubic-1.2.2-22.1, docker-18.09.1_ce-54.1, docker-kubic-18.09.1_ce-54.1, docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-11.1, docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-11.1, golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-11.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-11.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 48 Swamp Workflow Management 2019-05-14 22:39:25 UTC
SUSE-SU-2019:1234-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    containerd-1.2.5-5.13.1, docker-18.09.6_ce-6.17.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1, go-1.12-3.10.1, go1.11-1.11.9-1.12.1, go1.12-1.12.4-1.9.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1
SUSE Linux Enterprise Module for Containers 15 (src):    containerd-1.2.5-5.13.1, docker-18.09.6_ce-6.17.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 49 Swamp Workflow Management 2019-05-16 13:40:55 UTC
SUSE-SU-2019:1264-1: An update that solves four vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1114209,1114832,1118897,1118898,1118899,1121397,1123013,1128376,1128746,1134068
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-6486
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.2.5-16.17.2, docker-18.09.6_ce-98.37.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1
SUSE CaaS Platform 3.0 (src):    containerd-kubic-1.2.5-16.17.2, docker-kubic-18.09.6_ce-98.37.1, docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1, golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1
OpenStack Cloud Magnum Orchestration 7 (src):    containerd-1.2.5-16.17.2, docker-18.09.6_ce-98.37.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 50 Swamp Workflow Management 2019-05-27 10:11:57 UTC
openSUSE-SU-2019:1444-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486
Sources used:
openSUSE Leap 15.1 (src):    containerd-1.2.5-lp151.2.3.1, docker-18.09.6_ce-lp151.2.3.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1, go-1.12-lp151.2.3.1, go1.11-1.11.9-lp151.2.3.1, go1.12-1.12.4-lp151.2.3.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1
Comment 51 Swamp Workflow Management 2019-06-03 13:12:51 UTC
openSUSE-SU-2019:1499-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486
Sources used:
openSUSE Leap 15.0 (src):    containerd-1.2.5-lp150.4.14.3, docker-18.09.6_ce-lp150.5.17.2, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2, go-1.12-lp150.2.11.1, go1.11-1.11.9-lp150.9.3, go1.12-1.12.4-lp150.2.2, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1
Comment 52 Swamp Workflow Management 2019-06-03 16:11:36 UTC
openSUSE-SU-2019:1506-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486
Sources used:
openSUSE Backports SLE-15 (src):    go-1.12-bp150.2.6.1
Comment 54 Swamp Workflow Management 2019-06-12 18:30:09 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/709541 Backports:SLE-12-SP3 / helm
Comment 55 Swamp Workflow Management 2019-06-13 19:12:14 UTC
SUSE-SU-2019:1234-2: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    containerd-1.2.5-5.13.1, docker-18.09.6_ce-6.17.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1, go-1.12-3.10.1, go1.11-1.11.9-1.12.1, go1.12-1.12.4-1.9.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1
SUSE Linux Enterprise Module for Containers 15-SP1 (src):    containerd-1.2.5-5.13.1, docker-18.09.6_ce-6.17.1, docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1, golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2019-07-03 17:10:07 UTC
This is an autogenerated message for OBS integration:
This bug (1118897) was mentioned in
https://build.opensuse.org/request/show/713277 Backports:SLE-12-SP3 / helm
Comment 57 Swamp Workflow Management 2019-07-04 16:11:45 UTC
SUSE-SU-2019:0048-2: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1116182,1118897,1118898,1118899,1120762
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
SUSE Linux Enterprise Module for Containers 15-SP1 (src):    helm-mirror-0.2.1-1.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 58 Swamp Workflow Management 2019-07-14 10:10:47 UTC
openSUSE-SU-2019:1703-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118897,1118898,1118899
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    helm-2.13.1-5.1
Comment 64 Swamp Workflow Management 2020-01-13 23:16:10 UTC
SUSE-FU-2020:0089-1: An update that has 11 feature fixes can now be installed.

Category: feature (moderate)
Bug References: 1100838,1118897,1118898,1118899,1143813,1144065,1146991,1147142,1152861,1155810,1156646
CVE References: 
Sources used:
SUSE CaaS Platform 4.0 (src):    caasp-release-4.1.0-24.9.1, conmon-2.0.0-1.7.1, cri-o-1.16.0-3.22.2, cri-tools-1.16.1-3.7.1, helm-2.16.1-3.7.1, kubernetes-1.16.2-4.7.1, patterns-caasp-Node-1.15-1.16-1.2-3.11.1, patterns-caasp-Node-1.16-1.2-3.11.2, release-notes-caasp-4.1.20191218-4.16.2, skuba-1.2.1-3.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 65 Swamp Workflow Management 2020-04-26 19:16:50 UTC
openSUSE-SU-2020:0554-1: An update that solves 7 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1039663,1042383,1042387,1057277,1059207,1061027,1065972,1069469,1084765,1084766,1085009,1086185,1086412,1095131,1095154,1096773,1097473,1100838,1101010,1104598,1104821,1112980,1118897,1118898,1136403,1144065,1155323,1161056,1161179
CVE References: CVE-2016-5195,CVE-2016-8859,CVE-2017-1002101,CVE-2018-1002105,CVE-2018-16873,CVE-2018-16874,CVE-2019-10214
Sources used:
openSUSE Leap 15.1 (src):    cri-o-1.17.1-lp151.2.2, cri-tools-1.18.0-lp151.2.1, go1.14-1.14-lp151.6.1, kubernetes-1.18.0-lp151.5.1
Comment 69 Swamp Workflow Management 2021-04-30 16:19:11 UTC
SUSE-SU-2021:1458-1: An update that solves 9 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 1028638,1034053,1048046,1051429,1053532,1095817,1118897,1118898,1118899,1121967,1131314,1131553,1149954,1152308,1160452,1168481,1175081,1175821,1181594,1181641,1181677,1181730,1181732,1181749,1182451,1182476,1182947,1183024,1183397,1183855,1184768,1184962
CVE References: CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-16884,CVE-2019-19921,CVE-2019-5736,CVE-2021-21284,CVE-2021-21285,CVE-2021-21334
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.4.4-16.38.1, docker-20.10.6_ce-98.66.1, runc-1.0.0~rc93-16.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.