[El-errata] ELSA-2014-3095 Critical: Oracle Linux 7 docker security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Dec 5 09:19:27 PST 2014 

Oracle Linux Security Advisory ELSA-2014-3095

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
docker-1.3.2-1.0.1.el7.x86_64.rpm
docker-devel-1.3.2-1.0.1.el7.x86_64.rpm
docker-pkg-devel-1.3.2-1.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/docker-1.3.2-1.0.1.el7.src.rpm



Description of changes:

[1.3.2-1.0.1]
- Rename requirement of docker-io-pkg-devel in %package devel as 
docker-pkg-devel
- Rename as docker
- Restore SysV init scripts for Oracle Linux 6

[1.3.2-1]
- Update source to 1.3.2 from 
https://github.com/docker/docker/releases/tag/v1.3.2
   Prevent host privilege escalation from an image extraction 
vulnerability (CVE-2014-6407).
   Prevent container escalation from malicious security options applied 
to images (CVE-2014-6408).
   The `--insecure-registry` flag of the `docker run` command has 
undergone several refinements and additions.
   You can now specify a sub-net in order to set a range of registries 
which the Docker daemon will consider insecure.
   By default, Docker now defines `localhost` as an insecure registry.
   Registries can now be referenced using the Classless Inter-Domain 
Routing (CIDR) format.
   When mirroring is enabled, the experimental registry v2 API is skipped.

[1.3.1-2]
- Remove pandoc from build reqs

[1.3.1-1]
- update to v1.3.1

[1.3.0-1]
- Resolves: rhbz#1153936 - update to v1.3.0
- don't install zsh files
- iptables=false => ip-masq=false

[1.2.0-5]
- Resolves: rhbz#1149882 - systemd unit and socket file updates

[1.2.0-4]
- Resolves: rhbz#1139415 - correct path for bash completion
     /usr/share/bash-completion/completions
- versioned provides for docker
- golang versioned requirements for devel and pkg-devel
- remove macros from changelog
- don't own dirs owned by vim, systemd, bash

[1.2.0-3]
- Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage
   From: Colin Walters <walters at redhat.com>
- patch to ignore selinux if it's disabled
https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6
   From: Dan Walsh <dwalsh at redhat.com>

[1.2.0-2]
- Provides docker only for f21 and above

[1.2.0-1]
- Resolves: rhbz#1132824 - update to v1.2.0

More information about the El-errata mailing list