VYPR

rpm package

suse/docker&distro=SUSE Linux Enterprise Server for SAP Applications 12

pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Vulnerabilities (4)

  • CVE-2015-3631May 18, 2015
    affected < 1.6.2-31.2fixed 1.6.2-31.2

    Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

  • CVE-2015-3630May 18, 2015
    affected < 1.6.2-31.2fixed 1.6.2-31.2

    Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

  • CVE-2015-3629HigMay 18, 2015
    affected < 1.6.2-31.2fixed 1.6.2-31.2

    Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

  • CVE-2015-3627May 18, 2015
    affected < 1.6.2-31.2fixed 1.6.2-31.2

    Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.