Security update for docker
Announcement ID: SUSE-SU-2015:0082-1
Rating: moderate
An update that solves three vulnerabilities and has two security fixes can now be installed.
Description:
This docker version upgrade fixes the following security and non-security issues and adds the following features:
- Updated to 1.4.1 (2014-12-15):
  - Runtime:
    - Fix issue with volumes-from and bind mounts not being honored after create (fixes bnc#913213)
  - Added e2fsprogs as runtime dependency; this is required when the devicemapper driver is used (bnc#913211).
  - Fixed owner & group for docker.socket (thanks to Andrei Dziahel and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
- Updated to 1.4.0 (2014-12-11):
  - Notable Features since 1.3.0:
    - Set key=value labels to the daemon (displayed in docker info), applied with the new -label daemon flag
    - Add support for ENV in Dockerfile of the form: ENV name=value name2=value2...
    - New Overlayfs Storage Driver
    - docker info now returns an ID and Name field
    - Filter events by event name, container, or image
    - docker cp now supports copying from container volumes
    - Fixed docker tag, so it honors --force when overriding a tag for existing image.
- Changes introduced by 1.3.3 (2014-12-11):
  - Security:
    - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
    - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
    - Validate image IDs (CVE-2014-9358) - (bnc#909712)
  - Runtime:
    - Fix an issue when image archives are being read slowly
  - Client:
    - Fix a regression related to stdin redirection
    - Fix a regression with docker cp when destination is the current directory
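To illustrate the class of bug behind the CVE-2014-9356 entry above (path traversal through absolute symbolic links when an image layer is unpacked), here is an added Python example that is not code from the advisory or from Docker: it contrasts resolving a layer path on the host filesystem with scoped resolution that re-roots absolute link targets under the extraction root. The directory layout, file names and function names are constructed for the example.

```python
import os
import tempfile

MAX_LINKS = 255  # hop budget so a symlink loop fails instead of spinning

def follow_symlink_naive(path, root):
    """Pre-fix behaviour: resolve on the host filesystem, so an absolute
    symlink target inside the layer escapes root."""
    return os.path.realpath(os.path.join(root, path.lstrip("/")))

def follow_symlink_in_scope(path, root):
    """Resolve path (relative to root) as if root were '/': absolute symlink
    targets are re-rooted under root and '..' never climbs above it."""
    root = os.path.abspath(root)
    parts = [p for p in path.split("/") if p not in ("", ".")]
    resolved, hops = root, 0
    while parts:
        part = parts.pop(0)
        if part == "..":
            if resolved != root:  # clamp at the scope root
                resolved = os.path.dirname(resolved)
            continue
        candidate = os.path.join(resolved, part)
        if os.path.islink(candidate):
            hops += 1
            if hops > MAX_LINKS:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if os.path.isabs(target):  # the fix: '/etc' means root + '/etc'
                resolved = root
            parts = [p for p in target.split("/") if p not in ("", ".")] + parts
            continue
        resolved = candidate
    assert resolved == root or resolved.startswith(root + os.sep)
    return resolved

def demo():
    """Constructed layer: root/etc/passwd plus an absolute symlink root/link -> /etc."""
    root = os.path.abspath(tempfile.mkdtemp(prefix="layer-root-"))
    os.makedirs(os.path.join(root, "etc"))
    open(os.path.join(root, "etc", "passwd"), "w").close()
    os.symlink("/etc", os.path.join(root, "link"))  # hypothetical hostile layer entry
    naive = follow_symlink_naive("link/passwd", root)      # lands on the host's /etc
    scoped = follow_symlink_in_scope("link/passwd", root)  # stays under root
    return root, naive, scoped
```

The naive result points outside the temporary root, while the scoped result is always a path beneath it, which is the invariant an unpacker must hold before writing archive content.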
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-28=1
- SUSE Linux Enterprise Server for SAP Applications 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-28=1
Package List:
- SUSE Linux Enterprise Server 12 (x86_64):
  - docker-debuginfo-1.4.1-16.1
  - docker-debugsource-1.4.1-16.1
  - docker-1.4.1-16.1
- SUSE Linux Enterprise Server for SAP Applications 12 (x86_64):
  - docker-debuginfo-1.4.1-16.1
  - docker-debugsource-1.4.1-16.1
  - docker-1.4.1-16.1
References:
- https://www.suse.com/security/cve/CVE-2014-9356.html
- https://www.suse.com/security/cve/CVE-2014-9357.html
- https://www.suse.com/security/cve/CVE-2014-9358.html
- https://bugzilla.suse.com/show_bug.cgi?id=909709
- https://bugzilla.suse.com/show_bug.cgi?id=909710
- https://bugzilla.suse.com/show_bug.cgi?id=909712
- https://bugzilla.suse.com/show_bug.cgi?id=913211
- https://bugzilla.suse.com/show_bug.cgi?id=913213