54 matches found
Code injection
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 https://access.redhat.com/errata/RHBA-2020:0053 included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...
CVE-2020-14300
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 https://access.redhat.com/errata/RHBA-2020:0053 included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in...
Photon OS 2.0: Docker PHSA-2019-2.0-0193
An update of the docker package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0193. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid13267...
Moderate: Red Hat Bug Fix Advisory: docker bug fix update
Updated docker package that fixes two bugs is now available for Red Hat Enterprise Linux 7 Extras. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. The docker package contains docke...
Photon OS 1.0: Docker PHSA-2019-1.0-0238
An update of the docker package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0238. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid12619...
Fedora 23 : 2:docker (2016-6a0d540088)
built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker containers on Fedora ---- built docker...
MGASA-2016-0209 Updated docker package fixes CVE-2016-3697
Updated docker packages fix security vulnerability: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container CVE-2016-3697...
Authentication flaw
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
CVE-2015-1843
CVE-2015-1843 corresponds to a downgrade vulnerability in the Red Hat Docker package prior to 1.5.0-28 when using the --add-registry option, where a failed HTTPS connection to the registry causes the client to fall back to HTTP. This enables a man-in-the-middle to block TLS and potentially obtain...
CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
Low: Red Hat Bug Fix Advisory: docker bug fix and enhancement update
An updated docker package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 7 Extras. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually...