Bug 930235 - (CVE-2015-3630) VUL-0: CVE-2015-3630, CVE-2015-3631, CVE-2015-3627,CVE-2015-3629: docker: various security issues
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P5 - None : Normal
Assigned To: Security Team bot
Reported: 2015-05-08 15:03 UTC by Flavio Castelli
Modified: 2018-12-14 15:10 UTC (History)
Description Flavio Castelli 2015-05-08 15:03:21 UTC
Docker Inc. released docker 1.6.1 to fix the following vulnerabilities:

 - Fix read/write /proc paths (CVE-2015-3630)
 - Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
 - Fix opening of file-descriptor 1 (CVE-2015-3627)
 - Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)


We have to update our docker package from version 1.6.0 to 1.6.1
Comment 1 Flavio Castelli 2015-05-08 15:18:53 UTC
I created the following maintenance requests:
  * SLE: https://build.suse.de/request/show/57276
  * openSUSE: https://build.opensuse.org/request/show/305956
Comment 3 Marcus Meissner 2015-05-13 12:06:06 UTC
updates were submitted and accepted, reassign to security-team
Comment 4 Swamp Workflow Management 2015-05-19 09:05:35 UTC
openSUSE-SU-2015:0905-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 930235
CVE References: CVE-2015-3627,CVE-2015-3629,CVE-2015-3630,CVE-2015-3631
Sources used:
openSUSE 13.2 (src):    docker-1.6.1-28.1
Comment 5 Swamp Workflow Management 2015-06-02 09:05:03 UTC
SUSE-SU-2015:0984-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 930235,931301
CVE References: CVE-2015-3627,CVE-2015-3629,CVE-2015-3630,CVE-2015-3631
Sources used:
SUSE Linux Enterprise Server 12 (src):    docker-1.6.2-31.2
Comment 6 Marcus Meissner 2015-06-14 12:29:30 UTC
released
Comment 7 Marcus Meissner 2015-09-09 15:31:09 UTC
*** Bug 945060 has been marked as a duplicate of this bug. ***