[El-errata] ELSA-2015-3037 Important: Oracle Linux 7 docker security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 21 06:26:00 PDT 2015
Oracle Linux Security Advisory ELSA-2015-3037
http://linux.oracle.com/errata/ELSA-2015-3037.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
docker-1.6.1-1.0.1.el7.x86_64.rpm
docker-devel-1.6.1-1.0.1.el7.x86_64.rpm
docker-pkg-devel-1.6.1-1.0.1.el7.x86_64.rpm
docker-fish-completion-1.6.1-1.0.1.el7.x86_64.rpm
docker-logrotate-1.6.1-1.0.1.el7.x86_64.rpm
docker-vim-1.6.1-1.0.1.el7.x86_64.rpm
docker-zsh-completion-1.6.1-1.0.1.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/docker-1.6.1-1.0.1.el7.src.rpm
Description of changes:
[1.6.1-1.0.1]
- Update source to 1.6.1 from
https://github.com/docker/docker/releases/tag/v1.6.1
Symlink traversal on container respawn allows local privilege
escalation (CVE-2015-3629)
Insecure opening of file-descriptor 1 leading to privilege escalation
(CVE-2015-3627)
Read/write proc paths allow host modification & information
disclosure (CVE-2015-3630)
Volume mounts allow LSM profile escalation (CVE-2015-3631)
AppArmor policy improvements
More information about the El-errata
mailing list