MGASA-2016-0043
- Source
- https://advisories.mageia.org/MGASA-2016-0043.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0043.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0043
- Related
- Published
- 2016-02-05T17:26:09Z
- Modified
- 2016-02-05T17:14:44Z
- Summary
- Updated docker/golang packages fix security vulnerability
- Details
-
Manipulated layer IDs could have lead to local graph poisoning (CVE-2014-8178).
Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (CVE-2014-8179).
To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to version 1.9.1.
- References
-
- https://advisories.mageia.org/MGASA-2016-0043.html
- https://bugs.mageia.org/show_bug.cgi?id=16984
- https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/
- http://blog.docker.com/2015/11/docker-1-9-production-ready-swarm-multi-host-networking/
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / docker
Package
- Name
- docker
- Purl
- pkg:rpm/mageia/docker?distro=mageia-5
Mageia:5 / golang
Package
- Name
- golang
- Purl
- pkg:rpm/mageia/golang?distro=mageia-5