You are here
Home > Preporuke > Sigurnosni propusti programskog paketa docker

Sigurnosni propusti programskog paketa docker

  • Detalji os-a: LSU
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

SUSE Security Update: Security update for docker

Announcement ID: SUSE-SU-2015:1757-1
Rating: important
References: #949660
Cross-References: CVE-2014-8178 CVE-2014-8179
Affected Products:
SUSE Linux Enterprise Module for Containers 12

An update that fixes two vulnerabilities is now available.


docker was updated to version 1.8.3 to fix two security issues.

These security issues were fixed:
– CVE-2014-8178: Manipulated layer IDs could have lead to local graph
poisoning (bsc#949660).
– CVE-2014-8179: Manifest validation and parsing logic errors allowed
pull-by-digest validation bypass (bsc#949660).

This non-security issues was fixed:
– Add `–disable-legacy-registry` to prevent a daemon from using a v1

More information about docker 1.8.3 can be found at

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2015-691=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Module for Containers 12 (x86_64):



To unsubscribe, e-mail:
For additional commands, e-mail:

AutorTomislav Protega
Cert idNCERT-REF-2015-10-0002-ADV
CveCVE-2014-8178 CVE-2014-8179
ID izvornikaSUSE-SU-2015:1757-1
More in Preporuke
Sigurnosni nedostaci programskog paketa gdk-pixbuf

Otkriveni su sigurnosni nedostaci u programskom paketu gdk-pixbuf. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje DoS napada i pokretanje proizvoljnog programskog...