 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.123232 |
| Kategorie: | Oracle Linux Local Security Checks |
| Titel: | Oracle: Security Advisory (ELSA-2014-3095) |
| Zusammenfassung: | The remote host is missing an update for the 'docker' package(s) announced via the ELSA-2014-3095 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'docker' package(s) announced via the ELSA-2014-3095 advisory. Vulnerability Insight: [1.3.2-1.0.1] - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support [1.3.2-1] - Update source to 1.3.2 from [link moved to references] Prevent host privilege escalation from an image extraction vulnerability (CVE-2014-6407). Prevent container escalation from malicious security options applied to images (CVE-2014-6408). The '--insecure-registry' flag of the 'docker run' command has undergone several refinements and additions. You can now specify a sub-net in order to set a range of registries which the Docker daemon will consider insecure. By default, Docker now defines 'localhost' as an insecure registry. Registries can now be referenced using the Classless Inter-Domain Routing (CIDR) format. When mirroring is enabled, the experimental registry v2 API is skipped. [1.3.1-2] - Remove pandoc from build reqs [1.3.1-1] - update to v1.3.1 [1.3.0-1] - Resolves: rhbz#1153936 - update to v1.3.0 - iptables=false => ip-masq=false [1.2.0-3] - Resolves: rhbz#1139415 - correct path for bash completion /usr/share/bash-completion/completions - sysvinit script update as per upstream commit 640d2ef6f54d96ac4fc3f0f745cb1e6a35148607 - don't own dirs for vim highlighting, bash completion and udev [1.2.0-2] - Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage From: Colin Walters - patch to ignore selinux if its disabled [link moved to references] From: Dan Walsh - Resolves: rhbz#1139415 - correct path for bash completion- init script waits up to 5 mins before terminating daemon[1.2.0-1]- Resolves: rhbz#1132824 - update to v1.2.0 Affected Software/OS: 'docker' package(s) on Oracle Linux 6, Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-6407 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html http://www.openwall.com/lists/oss-security/2014/11/24/5 http://secunia.com/advisories/60171 http://secunia.com/advisories/60241 SuSE Security Announcement: openSUSE-SU-2014:1596 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-6408 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |