rpm package
suse/docker&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3631 | — | | | < 1.6.2-31.2 | 1.6.2-31.2 | May 18, 2015 | Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. |
| CVE-2015-3630 | — | | | < 1.6.2-31.2 | 1.6.2-31.2 | May 18, 2015 | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. |
| CVE-2015-3629 | High | 7.8 | | < 1.6.2-31.2 | 1.6.2-31.2 | May 18, 2015 | Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. |
| CVE-2015-3627 | — | | | < 1.6.2-31.2 | 1.6.2-31.2 | May 18, 2015 | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. |