openSUSE Security Update : docker (openSUSE-SU-2014:1722-1)
Critical Nessus Plugin ID 80278
Synopsis: The remote openSUSE host is missing a security update.
Description: This docker version update fixes the following security and non-security issues and adds additional features.
- Updated to 1.4.0 (2014-12-11):
  - Notable Features since 1.3.0:
    - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag
    - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...`
    - New Overlayfs Storage Driver
    - `docker info` now returns an `ID` and `Name` field
    - Filter events by event name, container, or image
    - `docker cp` now supports copying from container volumes
    - Fixed `docker tag`, so it honors `--force` when overriding a tag for an existing image.
- Changes introduced by 1.3.3 (2014-12-11):
  - Security:
    - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
    - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
    - Validate image IDs (CVE-2014-9358) - (bnc#909712)
  - Runtime:
    - Fix an issue when image archives are being read slowly
  - Client:
    - Fix a regression related to stdin redirection
    - Fix a regression with `docker cp` when destination is the current directory
Solution: Update the affected docker packages.