Oracle Linux 6 / 7 : docker-engine (ELSA-2015-3085)

High Nessus Plugin ID 86395


The remote Oracle Linux host is missing a security update.


Description of changes:

- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Add documentation files to binary RPM

- Fix layer IDs lead to local graph poisoning (CVE-2014-8178)
- Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
- Add --disable-legacy-registry to prevent a daemon from using a v1 registry


Update the affected docker-engine package.

See Also

Plugin Details

Severity: High

ID: 86395

File Name: oraclelinux_ELSA-2015-3085.nasl

Version: $Revision: 2.2 $

Type: local

Agent: unix

Published: 2015/10/15

Modified: 2015/12/01

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:docker-engine, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2015/10/14

Reference Information

CVE: CVE-2014-8178, CVE-2014-8179