openSUSE Security Update: Security update for docker
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0905-1
Rating:             moderate
References:         #930235
Cross-References:   CVE-2015-3627 CVE-2015-3629 CVE-2015-3630
                    CVE-2015-3631
Affected Products:  openSUSE 13.2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

docker was updated to version 1.6.1 to fix several security and
non-security issues.

- Updated to version 1.6.1 (2015-05-07) [bnc#930235]
  * Security
    - Fix read/write /proc paths (CVE-2015-3630)
    - Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
    - Fix opening of file-descriptor 1 (CVE-2015-3627)
    - Fix symlink traversal on container respawn allowing local
      privilege escalation (CVE-2015-3629)
    - Prohibit mount of /sys
  * Runtime
    - Update Apparmor policy to not allow mounts
- Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
  changes introduced by docker 1.6.1

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

    zypper in -t patch openSUSE-2015-365=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (x86_64):

    docker-1.6.1-28.1
    docker-debuginfo-1.6.1-28.1
    docker-debugsource-1.6.1-28.1

- openSUSE 13.2 (noarch):

    docker-bash-completion-1.6.1-28.1
    docker-zsh-completion-1.6.1-28.1

References:

  https://www.suse.com/security/cve/CVE-2015-3627.html
  https://www.suse.com/security/cve/CVE-2015-3629.html
  https://www.suse.com/security/cve/CVE-2015-3630.html
  https://www.suse.com/security/cve/CVE-2015-3631.html
  https://bugzilla.suse.com/930235