openSUSE Security Update : docker (openSUSE-SU-2014:1596-1)
High Nessus Plugin ID 79819
SynopsisThe remote openSUSE host is missing a security update.
Descriptiondocker was updated to version 1.3.2 to fix two security issues.
These security issues were fixed :
- Symbolic and hardlink issues leading to privilege escalation (CVE-2014-6407).
- Potential container escalation (CVE-2014-6408).
There non-security issues were fixed :
- Fix deadlock in docker ps -f exited=1
- Fix a bug when --volumes-from references a container that failed to start
- --insecure-registry now accepts CIDR notation such as 10.1.0.0/16
- Private registries whose IPs fall in the 127.0.0.0/8 range do no need the --insecure-registry flag
- Skip the experimental registry v2 API when mirroring is enabled
- Fixed minor packaging issues.
SolutionUpdate the affected docker packages.