[SECURITY] Fedora EPEL 6 Update: docker-io-1.4.1-3.el6

updates at fedoraproject.org updates at fedoraproject.org
Sat Jan 31 16:53:27 UTC 2015 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-0315
2015-01-16 17:57:43
--------------------------------------------------------------------------------

Name        : docker-io
Product     : Fedora EPEL 6
Version     : 1.4.1
Release     : 3.el6
URL         : http://www.docker.com
Summary     : Automates deployment of containerized applications
Description :
Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that will
run virtually anywhere.

Docker containers can encapsulate any payload, and will run consistently on
and between virtually any server. The same container that a developer builds
and tests on a laptop will run at scale, in production*, on VMs, bare-metal
servers, OpenStack clusters, public instances, or combinations of the above.

--------------------------------------------------------------------------------
Update Information:

set DOCKER_CERT_PATH outside of sysconfig file
don't require fish for fish-completion as it's unavailable
Resolves: rhbz#1175144 - update to 1.4.1
Resolves: rhbz#1173950 remove min version requirements on device-mapper-libs
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172761 - CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
        https://bugzilla.redhat.com/show_bug.cgi?id=1172761
  [ 2 ] Bug #1172782 - CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
        https://bugzilla.redhat.com/show_bug.cgi?id=1172782
  [ 3 ] Bug #1172787 - CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=1172787
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update docker-io' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the epel-package-announce mailing list