[El-errata] ELSA-2015-3037 Important: Oracle Linux 6 docker security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 21 06:26:25 PDT 2015


Oracle Linux Security Advisory ELSA-2015-3037

http://linux.oracle.com/errata/ELSA-2015-3037.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
docker-1.6.1-1.0.1.el6.x86_64.rpm
docker-devel-1.6.1-1.0.1.el6.x86_64.rpm
docker-pkg-devel-1.6.1-1.0.1.el6.x86_64.rpm
docker-fish-completion-1.6.1-1.0.1.el6.x86_64.rpm
docker-logrotate-1.6.1-1.0.1.el6.x86_64.rpm
docker-vim-1.6.1-1.0.1.el6.x86_64.rpm
docker-zsh-completion-1.6.1-1.0.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/docker-1.6.1-1.0.1.el6.src.rpm



Description of changes:

[1.6.1-1.0.1]
- Update source to 1.6.1 from 
https://github.com/docker/docker/releases/tag/v1.6.1
   Symlink traversal on container respawn allows local privilege 
escalation (CVE-2015-3629)
   Insecure opening of file-descriptor 1 leading to privilege escalation 
(CVE-2015-3627)
   Read/write proc paths allow host modification & information 
disclosure (CVE-2015-3630)
   Volume mounts allow LSM profile escalation (CVE-2015-3631)
   AppArmor policy improvements




More information about the El-errata mailing list