Issued:: 2015-04-02
Updated:: 2015-04-02

RHSA-2015:0776 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: docker security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated docker packages that fix one security issue are now available for
Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

Docker is a service providing container management on Linux.

It was found that the fix for the CVE-2014-5277 issue was incomplete: the
docker client could under certain circumstances erroneously fall back to
HTTP when an HTTPS connection to a registry failed. This could allow a
man-in-the-middle attacker to obtain authentication and image data from
traffic sent from a client to the registry. (CVE-2015-1843)

Red Hat would like to thank Eric Windisch of Docker Inc. for reporting
this issue.

All docker users are advised to upgrade to these updated packages, which
correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server from RHUI 7 x86_64

Fixes

BZ - 1206443 - CVE-2015-1843 docker: regression of CVE-2014-5277

CVEs

CVE-2015-1843

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
x86_64
atomic-0-0.9.git4ff7dbd.el7.x86_64.rpm	SHA-256: 80997c9015f869a4bb9fb05db60f54b03fff60c79cf7e00eb84bfa226364f0e2
docker-1.5.0-28.el7.x86_64.rpm	SHA-256: 11013b79ef3c072cff8532de1fe4dcf464b0d58dede2c791273277349c572b2f
docker-logrotate-1.5.0-28.el7.x86_64.rpm	SHA-256: 9f497d51b49636c40549b45be9937e40849536825841f79009840c93857bfcb9
docker-python-1.0.0-22.el7.x86_64.rpm	SHA-256: 6c3cf79c1e45c2b9e3d0d927253201f36dce74690b37674b3ec33b0e6ee8c437
python-websocket-client-0.14.1-65.el7.noarch.rpm	SHA-256: d5180946613de94901a60957c0a28aca149f73ba533e6f979fe6de9f9d4dbd40

Red Hat Enterprise Linux Server from RHUI 7

SRPM
x86_64
atomic-0-0.9.git4ff7dbd.el7.x86_64.rpm	SHA-256: 80997c9015f869a4bb9fb05db60f54b03fff60c79cf7e00eb84bfa226364f0e2
docker-1.5.0-28.el7.x86_64.rpm	SHA-256: 11013b79ef3c072cff8532de1fe4dcf464b0d58dede2c791273277349c572b2f
docker-logrotate-1.5.0-28.el7.x86_64.rpm	SHA-256: 9f497d51b49636c40549b45be9937e40849536825841f79009840c93857bfcb9
docker-python-1.0.0-22.el7.x86_64.rpm	SHA-256: 6c3cf79c1e45c2b9e3d0d927253201f36dce74690b37674b3ec33b0e6ee8c437
python-websocket-client-0.14.1-65.el7.noarch.rpm	SHA-256: d5180946613de94901a60957c0a28aca149f73ba533e6f979fe6de9f9d4dbd40

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation