SUSE-SU-2015:1757-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2015/suse-su-20151757-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1757-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2015:1757-1

Related

Published

2015-10-14T07:53:41Z

Modified

2015-10-14T07:53:41Z

Summary

Security update for docker

Details

docker was updated to version 1.8.3 to fix two security issues.

These security issues were fixed: - CVE-2014-8178: Manipulated layer IDs could have lead to local graph poisoning (bsc#949660). - CVE-2014-8179: Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (bsc#949660).

This non-security issues was fixed: - Add --disable-legacy-registry to prevent a daemon from using a v1 registry

More information about docker 1.8.3 can be found at https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/

References

Affected packages

SUSE:Linux Enterprise Module for Containers 12 / docker

Package

Name: docker
Purl: pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-49.1

Ecosystem specific

{
    "binaries": [
        {
            "docker": "1.8.3-49.1"
        }
    ]
}