Security update for docker
SUSE Security Update: Security update for docker
issues, and adds the also additional features:
- Updated to 1.4.1 (2014-12-15):
* Runtime:
- Fix issue with volumes-from and bind mounts not being honored after
create (fixes bnc#913213)
- Added e2fsprogs as runtime dependency, this is required when the
devicemapper driver is used. (bnc#913211).
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`),
applied with new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form: `ENV name=value
name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for
existing image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic
links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege
escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current
directory
Announcement ID: | SUSE-SU-2015:0082-1 |
Rating: | moderate |
References: | #909709 #909710 #909712 #913211 #913213 |
Affected Products: |
An update that solves three vulnerabilities and has two fixes is now available.
Description:
This docker version upgrade fixes the following security and non securityissues, and adds the also additional features:
- Updated to 1.4.1 (2014-12-15):
* Runtime:
- Fix issue with volumes-from and bind mounts not being honored after
create (fixes bnc#913213)
- Added e2fsprogs as runtime dependency, this is required when the
devicemapper driver is used. (bnc#913211).
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`),
applied with new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form: `ENV name=value
name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for
existing image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic
links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege
escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current
directory
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-28
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 12 (x86_64):
- docker-1.4.1-16.1
- docker-debuginfo-1.4.1-16.1
- docker-debugsource-1.4.1-16.1
References:
- http://support.novell.com/security/cve/CVE-2014-9356.html
- http://support.novell.com/security/cve/CVE-2014-9357.html
- http://support.novell.com/security/cve/CVE-2014-9358.html
- https://bugzilla.suse.com/show_bug.cgi?id=909709
- https://bugzilla.suse.com/show_bug.cgi?id=909710
- https://bugzilla.suse.com/show_bug.cgi?id=909712
- https://bugzilla.suse.com/show_bug.cgi?id=913211
- https://bugzilla.suse.com/show_bug.cgi?id=913213