Описание
ELSA-2014-3110: docker security update (IMPORTANT)
[1.3.3-1.0.1]
- Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel
- Restore SysV init scripts for Oracle Linux 6
- Require Oracle Unbreakable Enterprise Kernel Release 3 or higher
- Rename as docker.
- Re-enable btrfs graphdriver support
[1.3.3-1]
- Update source to 1.3.3 from https://github.com/docker/docker/releases/tag/v1.3.3 Path traversal during processing of absolute symlinks (CVE-2014-9356) Escalation of privileges during decompression of LZMA (.xz) archives (CVE-2014-9357)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
docker
1.3.3-1.0.1.el6
docker-devel
1.3.3-1.0.1.el6
docker-pkg-devel
1.3.3-1.0.1.el6
Oracle Linux 7
Oracle Linux x86_64
docker
1.3.3-1.0.1.el7
docker-devel
1.3.3-1.0.1.el7
docker-pkg-devel
1.3.3-1.0.1.el7
Связанные CVE
Связанные уязвимости
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Docker before 1.3.3 does not properly validate image IDs, which allows ...