Oracle alert ELSA-2017-3511 (docker-engine docker-engine-selinux)
From: Errata Announcements for Oracle Linux <el-errata@oss.oracle.com>
To: el-errata@oss.oracle.com
Subject: [El-errata] ELSA-2017-3511 Important: Oracle Linux 6 docker-engine docker-engine-selinux security update
Date: Tue, 17 Jan 2017 07:04:56 -0800
Message-ID: <587E3298.5090402@oracle.com>

Oracle Linux Security Advisory ELSA-2017-3511

http://linux.oracle.com/errata/ELSA-2017-3511.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

x86_64:
docker-engine-1.12.6-1.0.1.el6.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/docker-engine-1.1...

Description of changes:

[1.12.6-1.0.1]
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]
- Add docker.conf for prelink [orabug 25147708]

[1.12.6]
- the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
- a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
- Backup the current version of the unit file, and replace the file with the
- Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
- Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
- Fix runC privilege escalation (CVE-2016-9962)

[1.12.5]
- the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
- a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
- Backup the current version of the unit file, and replace the file with the
- Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
- Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
- Fix race on sending stdin close event [#29424](https://github.com/docker/docker/pull/29424)
- Fix panic in docker network ls when a network was created with --ipv6 and no ipv6 --subnet in older docker versions [#29416](https://github.com/docker/docker/pull/29416)
- Fix compilation on Darwin [#29370](https://github.com/docker/docker/pull/29370)

[1.12.4]
- the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
- a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
- Backup the current version of the unit file, and replace the file with the
- Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
- Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
- Fix issue where volume metadata was not removed [#29083](https://github.com/docker/docker/pull/29083)
- Asynchronously close streams to prevent holding container lock [#29050](https://github.com/docker/docker/pull/29050)
- Fix selinux labels for newly created container volumes [#29050](https://github.com/docker/docker/pull/29050)
- Remove hostname validation [#28990](https://github.com/docker/docker/pull/28990)
- Fix deadlocks caused by IO races [#29095](https://github.com/docker/docker/pull/29095) [#29141](https://github.com/docker/docker/pull/29141)
- Return an empty stats if the container is restarting [#29150](https://github.com/docker/docker/pull/29150)
- Fix volume store locking [#29151](https://github.com/docker/docker/pull/29151)
- Ensure consistent status code in API [#29150](https://github.com/docker/docker/pull/29150)
- Fix incorrect opaque directory permission in overlay2 [#29093](https://github.com/docker/docker/pull/29093)
- Detect plugin content and error out on docker pull [#29297](https://github.com/docker/docker/pull/29297)
- Update Swarmkit [#29047](https://github.com/docker/docker/pull/29047)
- orchestrator/global: Fix deadlock on updates [docker/swarmkit#1760](https://github.com/docker/swarmkit/pull/1760)
- on leader switchover preserve the vxlan id for existing networks [docker/swarmkit#1773](https://github.com/docker/swarmkit/pull/1773)
- Refuse swarm spec not named "default" [#29152](https://github.com/docker/docker/pull/29152)
- Update libnetwork [#29004](https://github.com/docker/docker/pull/29004) [#29146](https://github.com/docker/docker/pull/29146)
- Fix panic in embedded DNS [docker/libnetwork#1561](https://github.com/docker/libnetwork/pull/1561)
- Fix unmarshalling panic when passing --link-local-ip on global scope network [docker/libnetwork#1564](https://github.com/docker/libnetwork/pull/1564)
- Fix panic when network plugin returns nil StaticRoutes [docker/libnetwork#1563](https://github.com/docker/libnetwork/pull/1563)
- Fix panic in osl.(*networkNamespace).DeleteNeighbor [docker/libnetwork#1555](https://github.com/docker/libnetwork/pull/1555)
- Fix panic in swarm networking concurrent map read/write [docker/libnetwork#1570](https://github.com/docker/libnetwork/pull/1570)
- Allow encrypted networks when running docker inside a container [docker/libnetwork#1502](https://github.com/docker/libnetwork/pull/1502)
- Do not block autoallocation of IPv6 pool [docker/libnetwork#1538](https://github.com/docker/libnetwork/pull/1538)
- Set timeout for netlink calls [docker/libnetwork#1557](https://github.com/docker/libnetwork/pull/1557)
- Increase networking local store timeout to one minute [docker/libkv#140](https://github.com/docker/libkv/pull/140)
- Fix a panic in libnetwork.(*sandbox).execFunc [docker/libnetwork#1556](https://github.com/docker/libnetwork/pull/1556)
- Honor icc=false for internal networks [docker/libnetwork#1525](https://github.com/docker/libnetwork/pull/1525)
- Update syslog log driver [#29150](https://github.com/docker/docker/pull/29150)
- Run "dnf upgrade" before installing in fedora [#29150](https://github.com/docker/docker/pull/29150)
- Add build-date back to RPM packages [#29150](https://github.com/docker/docker/pull/29150)
- deb package filename changed to include distro to distinguish between distro code names [#27829](https://github.com/docker/docker/pull/27829)

[1.12.3]
- the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
- a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
- Backup the current version of the unit file, and replace the file with the
- Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
- Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
- Fix ambient capability usage in containers (CVE-2016-8867) [#27610](https://github.com/docker/docker/pull/27610)
- Prevent a deadlock in libcontainerd for Windows [#27136](https://github.com/docker/docker/pull/27136)
- Fix error reporting in CopyFileWithTar [#27075](https://github.com/docker/docker/pull/27075)
- Reset health status to starting when a container is restarted [#27387](https://github.com/docker/docker/pull/27387)
- Properly handle shared mount propagation in storage directory [#27609](https://github.com/docker/docker/pull/27609)
- Fix docker exec [#27610](https://github.com/docker/docker/pull/27610)
- Fix backward compatibility with containerd’s events log [#27693](https://github.com/docker/docker/pull/27693)
- Fix conversion of restart-policy [#27062](https://github.com/docker/docker/pull/27062)
- Update Swarmkit [#27554](https://github.com/docker/docker/pull/27554)
- Avoid restarting a task that has already been restarted [docker/swarmkit#1305](https://github.com/docker/swarmkit/pull/1305)
- Allow duplicate published ports when they use different protocols [docker/swarmkit#1632](https://github.com/docker/swarmkit/pull/1632)
- Allow multiple randomly assigned published ports on service [docker/swarmkit#1657](https://github.com/docker/swarmkit/pull/1657)
- Fix panic when allocations happen at init time [docker/swarmkit#1651](https://github.com/docker/swarmkit/pull/1651)
- Update libnetwork [#27559](https://github.com/docker/docker/pull/27559)
- Fix race in serializing sandbox to string [docker/libnetwork#1495](https://github.com/docker/libnetwork/pull/1495)
- Fix race during deletion [docker/libnetwork#1503](https://github.com/docker/libnetwork/pull/1503)
- Reset endpoint port info on connectivity revoke in bridge driver [docker/libnetwork#1504](https://github.com/docker/libnetwork/pull/1504)
- Fix a deadlock in networking code [docker/libnetwork#1507](https://github.com/docker/libnetwork/pull/1507)
- Fix a race in load balancer state [docker/libnetwork#1512](https://github.com/docker/libnetwork/pull/1512)
- Update fluent-logger-golang to v1.2.1 [#27474](https://github.com/docker/docker/pull/27474)
- Update buildtags for armhf ubuntu-trusty [#27327](https://github.com/docker/docker/pull/27327)
- Add AppArmor to runc buildtags for armhf [#27421](https://github.com/docker/docker/pull/27421)