Security update for docker SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1773-1 Final 1 1 2015-10-13T21:53:36Z current 2015-10-13T21:53:36Z 2015-10-13T21:53:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for docker Docker was updated to 1.8.3 to fix two security issues. The following vulnerabilities were fixed: * CVE-2014-8178: layer IDs lead to local graph poisoning (boo#949660) * CVE-2014-8179: manifest validation and parsing logic errors allow pull-by-digest validation bypass In addition, the following change is included: * --disable-legacy-registry to prevent a daemon from using a v1 registry The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html E-Mail link for openSUSE-SU-2015:1773-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 docker-1.8.3-43.1 docker-bash-completion-1.8.3-43.1 docker-debuginfo-1.8.3-43.1 docker-debugsource-1.8.3-43.1 docker-test-1.8.3-43.1 docker-zsh-completion-1.8.3-43.1 docker-1.8.3-43.1 as a component of openSUSE 13.2 docker-bash-completion-1.8.3-43.1 as a component of openSUSE 13.2 docker-debuginfo-1.8.3-43.1 as a component of openSUSE 13.2 docker-debugsource-1.8.3-43.1 as a component of openSUSE 13.2 docker-test-1.8.3-43.1 as a component of openSUSE 13.2 docker-zsh-completion-1.8.3-43.1 as a component of openSUSE 13.2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2014-8178 openSUSE 13.2:docker-1.8.3-43.1 openSUSE 13.2:docker-bash-completion-1.8.3-43.1 openSUSE 13.2:docker-debuginfo-1.8.3-43.1 openSUSE 13.2:docker-debugsource-1.8.3-43.1 openSUSE 13.2:docker-test-1.8.3-43.1 openSUSE 13.2:docker-zsh-completion-1.8.3-43.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html https://www.suse.com/security/cve/CVE-2014-8178.html CVE-2014-8178 https://bugzilla.suse.com/949660 SUSE Bug 949660 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2014-8179 openSUSE 13.2:docker-1.8.3-43.1 openSUSE 13.2:docker-bash-completion-1.8.3-43.1 openSUSE 13.2:docker-debuginfo-1.8.3-43.1 openSUSE 13.2:docker-debugsource-1.8.3-43.1 openSUSE 13.2:docker-test-1.8.3-43.1 openSUSE 13.2:docker-zsh-completion-1.8.3-43.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html https://www.suse.com/security/cve/CVE-2014-8179.html CVE-2014-8179 https://bugzilla.suse.com/949660 SUSE Bug 949660