openSUSE Security Update : docker (openSUSE-2015-666)
Medium Nessus Plugin ID 86437
SynopsisThe remote openSUSE host is missing a security update.
DescriptionDocker was updated to 1.8.3 to fix two security issues.
The following vulnerabilities were fixed :
- CVE-2014-8178: layer IDs lead to local graph poisoning (boo#949660)
- CVE-2014-8179: manifest validation and parsing logic errors allow pull-by-digest validation bypass
In addition, the following change is included :
- --disable-legacy-registry to prevent a daemon from using a v1 registry
SolutionUpdate the affected docker packages.