RHEL 7 : docker (RHSA-2015:0776)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated docker packages that fix one security issue are now available
for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Docker is a service providing container management on Linux.

It was found that the fix for the CVE-2014-5277 issue was incomplete:
the docker client could under certain circumstances erroneously fall
back to HTTP when an HTTPS connection to a registry failed. This could
allow a man-in-the-middle attacker to obtain authentication and image
data from traffic sent from a client to the registry. (CVE-2015-1843)

Red Hat would like to thank Eric Windisch of Docker Inc. for reporting
this issue.

All docker users are advised to upgrade to these updated packages,
which correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-1843.html
http://rhn.redhat.com/errata/RHSA-2015-0776.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 82564 ()

Bugtraq ID: 73936

CVE ID: CVE-2014-5277
CVE-2015-1843

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now