SUSE-SU-2015:1757-1: important: Security update for docker

sle-security-updates at sle-security-updates at
Thu Oct 15 05:26:51 MDT 2015

   SUSE Security Update: Security update for docker

Announcement ID:    SUSE-SU-2015:1757-1
Rating:             important
References:         #949660 
Cross-References:   CVE-2014-8178 CVE-2014-8179
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12

   An update that fixes two vulnerabilities is now available.


   docker was updated to version 1.8.3 to fix two security issues.

   These security issues were fixed:
   - CVE-2014-8178: Manipulated layer IDs could have lead to local graph
     poisoning (bsc#949660).
   - CVE-2014-8179: Manifest validation and parsing logic errors allowed
     pull-by-digest validation bypass (bsc#949660).

   This non-security issues was fixed:
   - Add `--disable-legacy-registry` to prevent a daemon from using a v1

   More information about docker 1.8.3 can be found at

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2015-691=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):



More information about the sle-security-updates mailing list