Updated docker/golang packages fix security vulnerability
Publication date: 05 Feb 2016Modification date: 05 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-8178 , CVE-2014-8179
Description
Manipulated layer IDs could have lead to local graph poisoning
(CVE-2014-8178).
Manifest validation and parsing logic errors allowed pull-by-digest
validation bypass (CVE-2014-8179).
To fix these issues, the golang package has been updated to version 1.4.3
and the docker package has been updated to version 1.9.1.
References
- https://bugs.mageia.org/show_bug.cgi?id=16984
- https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/
- http://blog.docker.com/2015/11/docker-1-9-production-ready-swarm-multi-host-networking/
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179
SRPMS
5/core
- docker-1.9.1-1.mga5
- golang-1.4.3-1.mga5