PT-2015-6251 · Docker +2 · Docker Engine +3

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1 Description: The issue allows local users to set arbitrary Linux Security Modules LSM and docker t policies via an image that allows volumes to override files in /proc. This can be achieved by exploiting...

PT-2015-6247 · Docker +2 · Libcontainer +4

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1 Libcontainer versions prior to 1.6.1 Description: The issue allows local users to gain privileges via a symlink attack in an image. This occurs because Libcontainer and Docker Engine open the...

PT-2015-6250 · Docker +2 · Docker Engine +3

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1 Description: The issue allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. This is due to weak permissions for certain /proc...

PT-2015-6249 · Docker +2 · Libcontainer +3

Name of the Vulnerable Software and Affected Versions: Docker Engine using Libcontainer version 1.6.0 Description: The issue allows local users to escape containerization and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. This is due to a...

Amazon Linux AMI : docker (ALAS-2015-522)

The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627 Libcontainer versi...

Critical: docker

Issue Overview: The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627...

Red Hat docker HTTP degradation vulnerability

Docker is an open-source application container engine that allows developers to package their applications, as well as dependency packages, into a portable container that can then be distributed to any popular Linux machine, as well as virtualized. Red Hat docker package with the --add-registry...

CVE-2015-1843

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

Authentication flaw

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

CVE-2015-1843

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

CVE-2015-1843

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

CVE-2015-1843

CVE-2015-1843 corresponds to a downgrade vulnerability in the Red Hat Docker package prior to 1.5.0-28 when using the --add-registry option, where a failed HTTPS connection to the registry causes the client to fall back to HTTP. This enables a man-in-the-middle to block TLS and potentially obtain...

CVE-2015-1843

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...

RHEL 7 : docker (RHSA-2015:0776)

Updated docker packages that fix one security issue are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

docker: regression of CVE-2014-5277

It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic...

Moderate: Red Hat Security Advisory: docker security update

Updated docker packages that fix one security issue are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

RHEL 6 : kernel-rt (RHSA-2015:0694)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0694 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS...

Low: Red Hat Security Advisory: docker security, bug fix, and enhancement update

Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

docker: Escalation of privileges during decompression of LZMA archives

A flaw was found in the way the Docker service unpacked images or builds after a "docker pull". An attacker could use this flaw to provide a malicious image or build that, when unpacked, would escalate their privileges on the system...

docker: Path traversal during processing of absolute symlinks

It was found that a malicious container image could overwrite arbitrary portions of the host file system by including absolute symlinks, potentially leading to privilege escalation...