ELSA-2015-3037

ELSA-2015-3037 - docker security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2015-05-20

Description


[1.6.1-1.0.1]
- Update source to 1.6.1 from https://github.com/docker/docker/releases/tag/v1.6.1
Symlink traversal on container respawn allows local privilege escalation (CVE-2015-3629)
Insecure opening of file-descriptor 1 leading to privilege escalation (CVE-2015-3627)
Read/write proc paths allow host modification & information disclosure (CVE-2015-3630)
Volume mounts allow LSM profile escalation (CVE-2015-3631)
AppArmor policy improvements


Related CVEs


CVE-2015-3629
CVE-2015-3627
CVE-2015-3630

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (x86_64) docker-1.6.1-1.0.1.el6.src.rpm1cc1c671a47698b4c639a48c5a7c2226-
docker-1.6.1-1.0.1.el6.x86_64.rpm19c39b58483e299638e3d59c67644c8d-
docker-devel-1.6.1-1.0.1.el6.x86_64.rpm563432526bc2b1d79fa20965aed252a4-
docker-logrotate-1.6.1-1.0.1.el6.x86_64.rpme5056a4276d773bcafed214806d58967-
docker-pkg-devel-1.6.1-1.0.1.el6.x86_64.rpm168babddb94e900de88eb26efa28a3f2-
docker-vim-1.6.1-1.0.1.el6.x86_64.rpm029ed52f88420be8831b8fb379b12e6b-
docker-zsh-completion-1.6.1-1.0.1.el6.x86_64.rpmc95ca3613ed0a84acc8d5950a8144d90-
Oracle Linux 7 (x86_64) docker-1.6.1-1.0.1.el7.src.rpmbc056a26cac345a10f4a4a947cbe90e4-
docker-1.6.1-1.0.1.el7.x86_64.rpmb3cf46cb32f176ec18f4a6ac80a9d8bd-
docker-devel-1.6.1-1.0.1.el7.x86_64.rpmeec01d27b0ed50b1044ff1334e9e9ca9-
docker-logrotate-1.6.1-1.0.1.el7.x86_64.rpm9370fade6f4db7c7a0496a5af8635134-
docker-pkg-devel-1.6.1-1.0.1.el7.x86_64.rpmcaceac5d3ea89010ac899375ad697974-
docker-vim-1.6.1-1.0.1.el7.x86_64.rpm4a4c3583443fce8549467714d220e044-
docker-zsh-completion-1.6.1-1.0.1.el7.x86_64.rpm7a656243ccdddd1591fd3aa482197daf-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete