Rapid7 Vulnerability & Exploit Database

RHSA-2015:0776: docker security update


Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 04/02/2015
Created: 07/25/2018
Added: 04/06/2015
Modified: 07/04/2017

Description

Docker is a service providing container management on Linux.

It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry. (CVE-2015-1843)

Red Hat would like to thank Eric Windisch of Docker Inc. for reporting this issue.

All docker users are advised to upgrade to these updated packages, which correct this issue.

Solution(s)

  • redhat-upgrade-atomic
  • redhat-upgrade-docker
  • redhat-upgrade-docker-logrotate
  • redhat-upgrade-docker-python
  • redhat-upgrade-python-websocket-client
