Описание
ELSA-2015-3085: docker-engine security update (IMPORTANT)
[1.8.3-1.0.1]
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Add documentation files to binary RPM
[1.8.3]
- Fix layer IDs lead to local graph poisoning (CVE-2014-8178)
- Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
- Add --disable-legacy-registry to prevent a daemon from using a v1 registry
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
docker-engine
1.8.3-1.0.1.el6
Oracle Linux 7
Oracle Linux x86_64
docker-engine
1.8.3-1.0.1.el7
Связанные CVE
Связанные уязвимости
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.