drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in docker-io
Name: |
Mehrere Probleme in docker-io |
|
ID: |
FEDORA-2014-16839 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 21 |
|
Datum: |
Mo, 15. Dezember 2014, 07:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9358 |
|
Applikationen: |
Docker |
|
Originalnachricht |
Name : docker-io Product : Fedora 21 Version : 1.4.0 Release : 1.fc21 URL : http://www.docker.com Summary : Automates deployment of containerized applications Description : Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.
Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above.
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356 Revert to using upstream v1.3.2 release Resolves: rhbz#1169035, rhbz#1169151 ------------------------------------------------------------------------------- - ChangeLog:
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.4.0-1 - Resolves: rhbz#1173324 - Resolves: rhbz#1172761 - CVE-2014-9356 - Resolves: rhbz#1172782 - CVE-2014-9357 - Resolves: rhbz#1172787 - CVE-2014-9358 - update to upstream v1.4.0 - override DOCKER_CERT_PATH in sysconfig instead of patching the source - create dockerroot user if doesn't exist prior - update metaprovides * Mon Dec 1 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.2-4 - Revert to using upstream v1.3.2 release * Sun Nov 30 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.2-3.git353ff40 - Resolves: rhbz#1169035, rhbz#1169151 - bring back golang deps (except libcontainer) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1172761 - CVE-2014-9356 docker: Path traversal during processing of absolute symlinks https://bugzilla.redhat.com/show_bug.cgi?id=1172761 [ 2 ] Bug #1172782 - CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives https://bugzilla.redhat.com/show_bug.cgi?id=1172782 [ 3 ] Bug #1172787 - CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers https://bugzilla.redhat.com/show_bug.cgi?id=1172787 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update docker-io' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|