Security update for docker

Announcement ID:	SUSE-SU-2015:0984-1
Rating:	moderate
References:	bsc#930235 bsc#931301
Cross-References:	CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631
CVSS scores:	CVE-2015-3629 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves four vulnerabilities can now be installed.

Description:

The Linux container runtime environment Docker was updated to version 1.6.2 to fix several security and non-security issues.

• Security:
• Fix read/write /proc paths. (CVE-2015-3630)
• Prohibit VOLUME /proc and VOLUME /. (CVE-2015-3631)
• Fix opening of file-descriptor 1. (CVE-2015-3627)

• Fix symlink traversal on container respawn allowing local privilege escalation. (CVE-2015-3629)

• Runtime:

• Update Apparmor policy to not allow mounts.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-230=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-230=1

Package List:

• SUSE Linux Enterprise Server 12 (x86_64)
  • docker-1.6.2-31.2
  • docker-debuginfo-1.6.2-31.2
  • docker-debugsource-1.6.2-31.2
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • docker-1.6.2-31.2
  • docker-debuginfo-1.6.2-31.2
  • docker-debugsource-1.6.2-31.2

References:

• https://www.suse.com/security/cve/CVE-2015-3627.html
• https://www.suse.com/security/cve/CVE-2015-3629.html
• https://www.suse.com/security/cve/CVE-2015-3630.html
• https://www.suse.com/security/cve/CVE-2015-3631.html
• https://bugzilla.suse.com/show_bug.cgi?id=930235
• https://bugzilla.suse.com/show_bug.cgi?id=931301