ELSA-2015-3085 Important: Oracle Linux docker-engine security update
Description
Oracle Linux Security Advisory ELSA-2015-3085 http://linux.oracle.com/errata/ELSA-2015-3085.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: docker-engine-1.8.3-1.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/docker-engine-1.8.3-1.0.1.el7.src.rpm Description of changes: [1.8.3-1.0.1] - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Add documentation files to binary RPM [1.8.3] - Fix layer IDs lead to local graph poisoning (CVE-2014-8178) - Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) - Add --disable-legacy-registry to prevent a daemon from using a v1 registry
Solution(s)
- oracle-linux-upgrade-docker-engine
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center