|
|
Log in / Subscribe / Register

docker-engine: two vulnerabilities

Package(s):docker-engine CVE #(s):CVE-2014-8178 CVE-2014-8179
Created:October 15, 2015 Updated:February 8, 2016
Description: From the Oracle advisory:

[1.8.3]

  • Fix layer IDs lead to local graph poisoning (CVE-2014-8178)
  • Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
  • Add --disable-legacy-registry to prevent a daemon from using a v1 registry
Alerts:
Mageia MGASA-2016-0043 docker/golang 2016-02-05
openSUSE openSUSE-SU-2015:2073-1 docker 2015-11-23
openSUSE openSUSE-SU-2015:1773-1 docker 2015-10-17
SUSE SUSE-SU-2015:1757-1 docker 2015-10-15
Oracle ELSA-2015-3085 docker-engine 2015-10-14
Oracle ELSA-2015-3085 docker-engine 2015-10-14
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds