ELSA-2015-3037

Published: May 20, 2015
Source: oracle-oval
Platform: Oracle Linux 6
Platform: Oracle Linux 7

Description

ELSA-2015-3037: docker security update (IMPORTANT)

[1.6.1-1.0.1]

  • Update source to 1.6.1 from https://github.com/docker/docker/releases/tag/v1.6.1
  • Symlink traversal on container respawn allows local privilege escalation (CVE-2015-3629)
  • Insecure opening of file-descriptor 1 leading to privilege escalation (CVE-2015-3627)
  • Read/write proc paths allow host modification & information disclosure (CVE-2015-3630)
  • Volume mounts allow LSM profile escalation (CVE-2015-3631)
  • AppArmor policy improvements

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • docker 1.6.1-1.0.1.el6
  • docker-devel 1.6.1-1.0.1.el6
  • docker-logrotate 1.6.1-1.0.1.el6
  • docker-pkg-devel 1.6.1-1.0.1.el6
  • docker-vim 1.6.1-1.0.1.el6
  • docker-zsh-completion 1.6.1-1.0.1.el6

Oracle Linux 7

Oracle Linux x86_64

  • docker 1.6.1-1.0.1.el7
  • docker-devel 1.6.1-1.0.1.el7
  • docker-logrotate 1.6.1-1.0.1.el7
  • docker-pkg-devel 1.6.1-1.0.1.el7
  • docker-vim 1.6.1-1.0.1.el7
  • docker-zsh-completion 1.6.1-1.0.1.el7

Related vulnerabilities

suse-cvrf
about 10 years ago

Security update for docker

ubuntu
about 10 years ago

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

redhat
about 10 years ago

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

nvd
about 10 years ago

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

msrc
almost 4 years ago

No description available