{"affected":[{"ecosystem_specific":{"binaries":[{"docker":"1.8.3-49.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 12","name":"docker","purl":"pkg:rpm/suse/docker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.3-49.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"docker was updated to version 1.8.3 to fix two security issues.\n\nThese security issues were fixed:\n- CVE-2014-8178: Manipulated layer IDs could have lead to local graph poisoning (bsc#949660).\n- CVE-2014-8179: Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (bsc#949660).\n\nThis non-security issues was fixed:\n- Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry\n\nMore information about docker 1.8.3 can be found at \nhttps://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/\n","id":"SUSE-SU-2015:1757-1","modified":"2015-10-14T07:53:41Z","published":"2015-10-14T07:53:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151757-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/949660"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8178"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8179"}],"related":["CVE-2014-8178","CVE-2014-8179"],"summary":"Security update for docker","upstream":["CVE-2014-8178","CVE-2014-8179"]}