MGASA-2016-0043

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2014-8178 CVE-2014-8179

Published: 05 Feb 2016, 17:26

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Feb 2016, 17:26

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated docker/golang packages fix security vulnerability Manipulated layer IDs could have lead to local graph poisoning (CVE-2014-8178). Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (CVE-2014-8179). To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to version 1.9.1.

Affected Systems

mageia•docker
< 1.9.1-1.mga5
mageia•golang
< 1.4.3-1.mga5

References (5)

https://advisories.mageia.org/MGASA-2016-0043.html
https://bugs.mageia.org/show_bug.cgi?id=16984
https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/
http://blog.docker.com/2015/11/docker-1-9-production-ready-swarm-multi-host-networking/
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html