Security update for docker (important)

2015-10-1513:26:51

lists.opensuse.org

0.002 Low

EPSS

Percentile

56.2%

JSON

docker was updated to version 1.8.3 to fix two security issues.

These security issues were fixed:

CVE-2014-8178: Manipulated layer IDs could have lead to local graph
poisoning (bsc#949660).
CVE-2014-8179: Manifest validation and parsing logic errors allowed
pull-by-digest validation bypass (bsc#949660).

This non-security issues was fixed:

Add --disable-legacy-registry to prevent a daemon from using a v1
registry

More information about docker 1.8.3 can be found at
<a href=“https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/”>https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/</a>

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Module for Containers12x86_64docker< 1.8.3-49.1docker-1.8.3-49.1.x86_64.rpm
SUSE Linux Enterprise Module for Containers12x86_64docker-debuginfo< 1.8.3-49.1docker-debuginfo-1.8.3-49.1.x86_64.rpm
SUSE Linux Enterprise Module for Containers12x86_64docker-debugsource< 1.8.3-49.1docker-debugsource-1.8.3-49.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Module for Containers	12	x86_64	docker	< 1.8.3-49.1	docker-1.8.3-49.1.x86_64.rpm
SUSE Linux Enterprise Module for Containers	12	x86_64	docker-debuginfo	< 1.8.3-49.1	docker-debuginfo-1.8.3-49.1.x86_64.rpm
SUSE Linux Enterprise Module for Containers	12	x86_64	docker-debugsource	< 1.8.3-49.1	docker-debugsource-1.8.3-49.1.x86_64.rpm