[El-errata] ELSA-2014-3095 Critical: Oracle Linux 7 docker security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 5 09:19:27 PST 2014
Oracle Linux Security Advisory ELSA-2014-3095
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
Description of changes:
- Rename requirement of docker-io-pkg-devel in %package devel as
- Rename as docker
- Restore SysV init scripts for Oracle Linux 6
- Update source to 1.3.2 from
Prevent host privilege escalation from an image extraction
Prevent container escalation from malicious security options applied
to images (CVE-2014-6408).
The `--insecure-registry` flag of the `docker run` command has
undergone several refinements and additions.
You can now specify a sub-net in order to set a range of registries
which the Docker daemon will consider insecure.
By default, Docker now defines `localhost` as an insecure registry.
Registries can now be referenced using the Classless Inter-Domain
Routing (CIDR) format.
When mirroring is enabled, the experimental registry v2 API is skipped.
- Remove pandoc from build reqs
- update to v1.3.1
- Resolves: rhbz#1153936 - update to v1.3.0
- don't install zsh files
- iptables=false => ip-masq=false
- Resolves: rhbz#1149882 - systemd unit and socket file updates
- Resolves: rhbz#1139415 - correct path for bash completion
- versioned provides for docker
- golang versioned requirements for devel and pkg-devel
- remove macros from changelog
- don't own dirs owned by vim, systemd, bash
- Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage
From: Colin Walters <walters at redhat.com>
- patch to ignore selinux if it's disabled
From: Dan Walsh <dwalsh at redhat.com>
- Provides docker only for f21 and above
- Resolves: rhbz#1132824 - update to v1.2.0
More information about the El-errata