ELSA-2015-3037

ELSA-2015-3037 - docker security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2015-05-20

Description

[1.6.1-1.0.1]
- Update source to 1.6.1 from https://github.com/docker/docker/releases/tag/v1.6.1
Symlink traversal on container respawn allows local privilege escalation (CVE-2015-3629)
Insecure opening of file-descriptor 1 leading to privilege escalation (CVE-2015-3627)
Read/write proc paths allow host modification & information disclosure (CVE-2015-3630)
Volume mounts allow LSM profile escalation (CVE-2015-3631)
AppArmor policy improvements

Related CVEs

CVE-2015-3629

CVE-2015-3627

CVE-2015-3630

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 6 (x86_64)	docker-1.6.1-1.0.1.el6.src.rpm	1cc1c671a47698b4c639a48c5a7c2226	-
	docker-1.6.1-1.0.1.el6.x86_64.rpm	19c39b58483e299638e3d59c67644c8d	-
	docker-devel-1.6.1-1.0.1.el6.x86_64.rpm	563432526bc2b1d79fa20965aed252a4	-
	docker-logrotate-1.6.1-1.0.1.el6.x86_64.rpm	e5056a4276d773bcafed214806d58967	-
	docker-pkg-devel-1.6.1-1.0.1.el6.x86_64.rpm	168babddb94e900de88eb26efa28a3f2	-
	docker-vim-1.6.1-1.0.1.el6.x86_64.rpm	029ed52f88420be8831b8fb379b12e6b	-
	docker-zsh-completion-1.6.1-1.0.1.el6.x86_64.rpm	c95ca3613ed0a84acc8d5950a8144d90	-
Oracle Linux 7 (x86_64)	docker-1.6.1-1.0.1.el7.src.rpm	bc056a26cac345a10f4a4a947cbe90e4	-
	docker-1.6.1-1.0.1.el7.x86_64.rpm	b3cf46cb32f176ec18f4a6ac80a9d8bd	-
	docker-devel-1.6.1-1.0.1.el7.x86_64.rpm	eec01d27b0ed50b1044ff1334e9e9ca9	-
	docker-logrotate-1.6.1-1.0.1.el7.x86_64.rpm	9370fade6f4db7c7a0496a5af8635134	-
	docker-pkg-devel-1.6.1-1.0.1.el7.x86_64.rpm	caceac5d3ea89010ac899375ad697974	-
	docker-vim-1.6.1-1.0.1.el7.x86_64.rpm	4a4c3583443fce8549467714d220e044	-
	docker-zsh-completion-1.6.1-1.0.1.el7.x86_64.rpm	7a656243ccdddd1591fd3aa482197daf	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team