- Issued:
- 2015-05-12
- Updated:
- 2015-05-12
RHBA-2015:0993 - Bug Fix Advisory
Synopsis
docker bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated docker packages that fix several bugs are now available for Red Hat
Enterprise Linux 7 Extras.
Description
Docker is an open-source engine that automates the deployment of any application
as a lightweight, portable, self-sufficient container that will run virtually
anywhere.
This update fixes the following bugs:
- Previously, the docker daemon had a hardcoded setting for the port ranges to
be assigned to containers and it ignored the values in the
/proc/sys/net/ipv4/ip_loca_port_range file. Additionally, the user could not
modify this file. After this update, the user can specify a custom port range in
/proc/sys/net/ipv4/ip_local_port_range which the docker daemon will read and use
for ephemeral port assignment. (BZ#1151167)
- In previous versions of docker, the "docker login" command failed to execute
and the user could not log into a Docker registry. This bug has been fixed, and
"docker login" now works correctly. (BZ#1212188)
- The docker package did not correctly account for minimum required Name,
Version, Release (NVR) for the device-mapper-libs package. Consequently, when a
user did a selective system upgrade (for example "yum update docker"),
device-mapper-libs did not get updated along with the docker package, thus
causing problems in docker usage. To fix this bug, updating the docker package
now also enforces an update of device-mapper-libs and upgrading docker works
correctly. (BZ#1207839)
- Prevention code against forwarding credentials belonging to other registry
than the one being contacted did not cope with URLs lacking schema. As a
consequence, all credentials were thrown away and the user could not
authenticate to any registry except for the "docker.io" registry. With this
update, the docker daemon's credential checking is now more robust and users can
authenticate against any registry. (BZ#1209439)
Users of docker are advised to upgrade to this updated package, which fixes
these bugs. After installing the update, docker
containers must be restarted for the changes to take effect.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server from RHUI 7 x86_64
Fixes
- BZ - 1151167 - ephemeral port assignment outisde specified range
- BZ - 1201216 - Docker causes AVC denials while other rpm packages are being installed on the host
- BZ - 1207839 - docker-1.5.0-27.el7.x86_64 fails with older versions of device-mapper-libs
- BZ - 1209439 - docker fails to authenticate against additional registries
- BZ - 1211750 - flag provided but not defined: --add-registry
- BZ - 1211765 - dockerfile man page unreadable
- BZ - 1212188 - Unable to 'docker login' with 1.6.0-2.el7
- BZ - 1212579 - runtime: unexpected return pc for runtime.cgocallbackg
- BZ - 1215768 - Hard coded /tmp size of 64M causes problems
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 7
SRPM | |
---|---|
x86_64 | |
atomic-0-0.22.git5b2fa8d.el7.x86_64.rpm | SHA-256: c7719889bb08244b4b43975999d5ed83701229b882b6de7b8f4622d20cd816ae |
docker-1.6.0-11.el7.x86_64.rpm | SHA-256: 41a096c68be7cbafa1297a97bfc6ce788aae3eb1836e090ccfde2431af52c552 |
docker-logrotate-1.6.0-11.el7.x86_64.rpm | SHA-256: 8eb8260b6929f2392bfc47559a0970ed6b68f3aeec17c55a30bb0b1f4d466373 |
docker-python-1.0.0-35.el7.x86_64.rpm | SHA-256: 13f28a3f6299c9ec58d712a861b4641cb19b2c865d949330fa1759363d0cb60f |
docker-selinux-1.6.0-11.el7.x86_64.rpm | SHA-256: da2606d61a22f96996abdce65d892a11aa8477a1d9900f9ab215dfb855a823d8 |
python-websocket-client-0.14.1-78.el7.noarch.rpm | SHA-256: 7c8b3b3238e30bc271d4a48a75142602e98bdc422567a4b511a0702e0c1dc790 |
Red Hat Enterprise Linux Server from RHUI 7
SRPM | |
---|---|
x86_64 | |
atomic-0-0.22.git5b2fa8d.el7.x86_64.rpm | SHA-256: c7719889bb08244b4b43975999d5ed83701229b882b6de7b8f4622d20cd816ae |
docker-1.6.0-11.el7.x86_64.rpm | SHA-256: 41a096c68be7cbafa1297a97bfc6ce788aae3eb1836e090ccfde2431af52c552 |
docker-logrotate-1.6.0-11.el7.x86_64.rpm | SHA-256: 8eb8260b6929f2392bfc47559a0970ed6b68f3aeec17c55a30bb0b1f4d466373 |
docker-python-1.0.0-35.el7.x86_64.rpm | SHA-256: 13f28a3f6299c9ec58d712a861b4641cb19b2c865d949330fa1759363d0cb60f |
docker-selinux-1.6.0-11.el7.x86_64.rpm | SHA-256: da2606d61a22f96996abdce65d892a11aa8477a1d9900f9ab215dfb855a823d8 |
python-websocket-client-0.14.1-78.el7.noarch.rpm | SHA-256: 7c8b3b3238e30bc271d4a48a75142602e98bdc422567a4b511a0702e0c1dc790 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.