Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0984-1

Опубликовано: 19 мая 2015
Источник: suse-cvrf

Описание

Security update for docker

The Linux container runtime environment Docker was updated to version 1.6.2 to fix several security and non-security issues.

  • Security:

    • Fix read/write /proc paths. (CVE-2015-3630)
    • Prohibit VOLUME /proc and VOLUME /. (CVE-2015-3631)
    • Fix opening of file-descriptor 1. (CVE-2015-3627)
    • Fix symlink traversal on container respawn allowing local privilege escalation. (CVE-2015-3629)

  • Runtime:

    • Update Apparmor policy to not allow mounts.

Список пакетов

SUSE Linux Enterprise Server 12
docker-1.6.2-31.2
SUSE Linux Enterprise Server for SAP Applications 12
docker-1.6.2-31.2

Ссылки

Описание

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

Затронутые продукты
SUSE Linux Enterprise Server 12:docker-1.6.2-31.2
SUSE Linux Enterprise Server for SAP Applications 12:docker-1.6.2-31.2
Ссылки

Описание

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

Затронутые продукты
SUSE Linux Enterprise Server 12:docker-1.6.2-31.2
SUSE Linux Enterprise Server for SAP Applications 12:docker-1.6.2-31.2
Ссылки

Описание

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

Затронутые продукты
SUSE Linux Enterprise Server 12:docker-1.6.2-31.2
SUSE Linux Enterprise Server for SAP Applications 12:docker-1.6.2-31.2
Ссылки

Описание

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

Затронутые продукты
SUSE Linux Enterprise Server 12:docker-1.6.2-31.2
SUSE Linux Enterprise Server for SAP Applications 12:docker-1.6.2-31.2
Ссылки