Oracle Linux 6 / 7 : docker (ELSA-2014-3110)
Critical Nessus Plugin ID 80329
SynopsisThe remote Oracle Linux host is missing one or more security updates.
DescriptionDescription of changes:
- Add symlink/LICENSE.BSD and symlink/LICENSE.APACHE under %files macro for docker-pkg-devel
- Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel
- Rename as docker
- Restore SysV init scripts for Oracle Linux 6
- Update source to 1.3.3 from https://github.com/docker/docker/releases/tag/v1.3.3 Path traversal during processing of absolute symlinks (CVE-2014-9356) Escalation of privileges during decompression of LZMA (.xz) archives (CVE-2014-9357) Path traversal and spoofing opportunities presented through image identifiers (CVE-2014-9358)
SolutionUpdate the affected docker packages.