Mailinglist Archive: opensuse-security-announce (27 mails)

< Previous Next >
[security-announce] SUSE-SU-2015:1757-1: important: Security update for docker
SUSE Security Update: Security update for docker

Announcement ID: SUSE-SU-2015:1757-1
Rating: important
References: #949660
Cross-References: CVE-2014-8178 CVE-2014-8179
Affected Products:
SUSE Linux Enterprise Module for Containers 12

An update that fixes two vulnerabilities is now available.


docker was updated to version 1.8.3 to fix two security issues.

These security issues were fixed:
- CVE-2014-8178: Manipulated layer IDs could have lead to local graph
poisoning (bsc#949660).
- CVE-2014-8179: Manifest validation and parsing logic errors allowed
pull-by-digest validation bypass (bsc#949660).

This non-security issues was fixed:
- Add `--disable-legacy-registry` to prevent a daemon from using a v1

More information about docker 1.8.3 can be found at

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2015-691=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Containers 12 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages