Monthly Archives: January 2015

Fedora

Fedora EPEL 6 Security Update: docker-io-1.4.1-3.el6

Resolved Bugs
1169593 – Creates /.docker
1175144 – docker-io-1.4.1 is available
1173950 – docker-io can’t be installed on rhel 6.5 due to requirement device-mapper-libs >= 1.02.90-1
1173325 – CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [epel-6]
1172761 – CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
1172782 – CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
1172787 – CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers<br
set DOCKER_CERT_PATH outside of sysconfig file
don’t require fish for fish-completion as it’s unavailable
Resolves: rhbz#1175144 – update to 1.4.1
Resolves: rhbz#1173950 remove min version requirements on device-mapper-libs
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356

Mandriva

[ MDVSA-2015:027 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:027
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : January 16, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Linux
 kernel:
 
 The SCTP implementation in the Linux kernel before 3.17.4 allows
 remote attackers to cause a denial of service (memory consumption) by
 triggering a large number of chunks in an association's output queue,
 as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and
 net/sctp/sm_statefuns.c (CVE-2014-3688=.
 
 Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux
 kernel before 3.16.3, allows remote attackers to cause a deni