10 matches found
Amazon Linux: Security Advisory (ALAS-2014-461)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : docker (RHSA-2015:0623)
Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Fedora 20 : docker-io-1.4.1-6.fc20 (2015-1128)
run tests inside a docker repo allow unitfile to use /etc/sysconfig/docker-network Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Oracle Linux 6 / 7 : docker (ELSA-2014-3110)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3110 advisory. 1.3.3-1.0.1 - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 -...
openSUSE Security Update : docker (openSUSE-SU-2014:1722-1)
This docker version update fixes the following security and non security issues and adds additional features. - Updated to 1.4.0 2014-12-11 : - Notable Features since 1.3.0 : - Set key=value labels to the daemon displayed in docker info, applied with new -label daemon flag - Add support for ENV i...
CVE-2014-9357
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted 1 image or 2 build in a Dockerfile in an LZMA .xz archive, related to the chroot for archive extraction...
BELL-CVE-2014-9357 CVE-2014-9357 does not affect BellSoft software
Bulletin has no description...
CVE-2014-9357
Technical details (affected product/version, root cause, impact, or fixes) for CVE-2014-9357 are not provided in the connected documents. Public details remain limited to the high-level Docker vulnerability description; monitor for updates.
Amazon Linux AMI : docker (ALAS-2014-461)
Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through...
Fedora 21 : docker-io-1.4.0-1.fc21 (2014-16839)
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356 Revert to using upstream v1.3.2 release Resolves: rhbz1169035, rhbz1169151 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatical...