drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in docker-io
Name: |
Mehrere Probleme in docker-io |
|
ID: |
FEDORA-2015-1128 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Mo, 26. Januar 2015, 08:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358 |
|
Applikationen: |
Docker |
|
Originalnachricht |
Name : docker-io Product : Fedora 20 Version : 1.4.1 Release : 6.fc20 URL : http://www.docker.com Summary : Automates deployment of containerized applications Description : Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.
Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above.
------------------------------------------------------------------------------- - Update Information:
run tests inside a docker repo allow unitfile to use /etc/sysconfig/docker-network Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356 ------------------------------------------------------------------------------- - ChangeLog:
* Thu Jan 22 2015 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.1-6 - run tests inside a docker repo - use vendored deps itself * Tue Jan 13 2015 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.1-5 - Resolves: rhbz#1169593 patch to set DOCKER_CERT_PATH regardless of config file * Thu Jan 8 2015 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.1-4 - allow unitfile to use /etc/sysconfig/docker-network - MountFlags private * Fri Dec 19 2014 Dan Walsh <dwalsh@redhat.com> - 1.4.1-3 - Add check to run unit tests * Thu Dec 18 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.1-2 - update and rename logrotate cron script - install /etc/sysconfig/docker-network * Wed Dec 17 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.1-1 - Resolves: rhbz#1175144 - update to upstream v1.4.1 - Resolves: rhbz#1175097, rhbz#1127570 - subpackages for fish and zsh completion and vim syntax highlighting - Provide subpackage to run logrotate on running containers as a daily cron job * Thu Dec 11 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.0-2 - update metaprovides * Thu Dec 11 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.0-1 - Resolves: rhbz#1173324 - Resolves: rhbz#1172761 - CVE-2014-9356 - Resolves: rhbz#1172782 - CVE-2014-9357 - Resolves: rhbz#1172787 - CVE-2014-9358 - update to upstream v1.4.0 - override DOCKER_CERT_PATH in sysconfig instead of patching the source - create dockerroot user if doesn't exist prior - update metaprovides * Mon Dec 1 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.2-4 - Revert to using upstream v1.3.2 release * Sun Nov 30 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.2-3.git353ff40 - Resolves: rhbz#1169035, rhbz#1169151 - bring back golang deps (except libcontainer) * Tue Nov 25 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.2-2 - install sources skipped prior * Tue Nov 25 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.2-1 - Resolves: rhbz#1167642 - Update to upstream v1.3.2 - Resolves: rhbz#1167505, rhbz#1167507 - CVE-2014-6407 - Resolves: rhbz#1167506 - CVE-2014-6408 - use vendor/ dir for golang deps for this NVR (fix deps soon after) * Wed Nov 19 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.1-3 - Resolves: rhbz#1165615 * Fri Oct 31 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.1-2 - Remove pandoc from build reqs * Fri Oct 31 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.1-1 - update to v1.3.1 * Mon Oct 20 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.0-1 - Resolves: rhbz#1153936 - update to v1.3.0 - don't install zsh files - iptables=false => ip-masq=false * Wed Oct 8 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-5 - Resolves: rhbz#1149882 - systemd unit and socket file updates * Tue Sep 30 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-4 - Resolves: rhbz#1139415 - correct path for bash completion /usr/share/bash-completion/completions - versioned provides for docker - golang versioned requirements for devel and pkg-devel - remove macros from changelog - don't own dirs owned by vim, systemd, bash * Thu Sep 25 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-3 - Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage From: Colin Walters <walters@redhat.com> - patch to ignore selinux if it's disabled https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6 From: Dan Walsh <dwalsh@redhat.com> * Sun Aug 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-2 - Provides docker only for f21 and above * Sat Aug 23 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-1 - Resolves: rhbz#1132824 - update to v1.2.0 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1172761 - CVE-2014-9356 docker: Path traversal during processing of absolute symlinks https://bugzilla.redhat.com/show_bug.cgi?id=1172761 [ 2 ] Bug #1172782 - CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives https://bugzilla.redhat.com/show_bug.cgi?id=1172782 [ 3 ] Bug #1172787 - CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers https://bugzilla.redhat.com/show_bug.cgi?id=1172787 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update docker-io' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|