New Docker release helps users avoid the Poodle bug

Jonathan Vanian

Fri, Oct 31, 2014, 4:38 PM

If you already loaded up Docker 1.3, which came out a few weeks ago, Docker wants you to update to Docker 1.3.1 so as to avoid the Poodle bug, the company detailed in a security advisory on Thursday.

The Poodle bug takes advantage of a security flaw that surfaces when a secure network connection between a browser and a website takes place; in this case, browsers try to reestablish connections with websites through an old-and- flawed version of the security protocol SSL 3.0, making them open to an attack. A host of companies like Google, Mozilla and Twitter have said they will no longer support this protocol.

The same sort of vulnerability can occur within the Docker engine and docker-py, an API client that lets Python users communicate with Docker. Essentially, if for some reason the Docker engine and the API client fail to connect with a registry on the first try, the next time it tries to connect it will do so using an HTTP connection as opposed to an HTTPS connection; this makes it less secure and could “force registry connections into using insecure communications to transmit authentication and image data.”

From the forum post:

Communications between the Docker client and daemon and between the Docker daemon and the registry may be vulnerable to the POODLE attack as described in CVE-2014-3566. In response, both client and server support for SSLv3 has been disabled in Docker 1.3.1. Instead, both clients communicating with the Docker Remote API and private registry servers should support TLS 1.0 or greater.

Docker

The error was spotted by Docker founder and CTO Solomon Hykes along with Red Hat product security researcher Florian Weimer.

By upgrading to the new Docker 1.3.1, users can supposedly avoid getting bit by the Poodle bug.

Post and thumbnail images courtesy of Flickr user Greg Westall.

Image copyright Greg Westall/Flickr.

Related research and analysis from Gigaom Research:
Subscriber content. Sign up for a free trial.

More From paidContent.org

This week in bitcoin: FinCEN guidelines label exchanges, payments processors as money transmitters

California McDonald's Franchise Owner Says, 'The Focus Is On Survival' With 'Unprecedented' $20 Per Hour Minimum Wage Forcing Higher Prices
In response to California's new $20 minimum wage law, fast food franchises are being forced to rethink their business strategies to stay afloat. Scott Rodrick, who owns 18 McDonald's franchises in the state, is considering measures to manage the increased labor costs without resorting to layoffs, which he sees as a last resort. Don't Miss: 82% of Americans aren’t using this government secured 5% passive income stream, are you one of them? The average American couple has saved this much money for
Benzinga•16h ago
Exclusive-China acquired recently banned Nvidia chips in Super Micro, Dell servers, tenders show
A Reuters review of hundreds of tender documents shows 10 Chinese entities acquired advanced Nvidia chips embedded in server products made by Super Micro Computer Inc., Dell Technologies Inc. and Taiwan's Gigabyte Technology Co Ltd after the U.S. on Nov. 17 expanded the embargo to subject more chips and countries to licensing rules. Specifically, the servers contained some of Nvidia's most advanced chips, according to the previously unreported tenders fulfilled between Nov. 20 and Feb. 28.
Reuters•6h ago
Former House Speaker Nancy Pelosi Can't Stop Buying the 1 Artificial Intelligence (AI) Stock Billionaires Have Been Eager to Sell
Though this highflying stock is making Nancy Pelosi and her venture capitalist husband richer, more than a half-dozen billionaires have sent it to the chopping block.
Motley Fool•1d ago
Sam Bankman-Fried Agrees to Help FTX Investors Go After Celeb Promoters
Sam Bankman-Fried has inked a settlement agreement with a group of FTX customers who have agreed to drop their class action lawsuit against him in exchange for his help going after celebrity promoters of the collapsed exchange.
CoinDesk•18h ago
Apple stock will soar 36% as it gears up to launch an AI-enable iPhone, BofA says
Bank of America said Apple could announce a 5% dividend increase and $90 billion share buyback program when it releases earnings next week.
Business Insider•10h ago
2 Artificial Intelligence (AI) Stocks That Could Fall 19% and 65%, According to a Pair of Wall Street Analysts
AI stocks have soared over the last year, but these two could be at risk of a sell-off.
Motley Fool•16h ago
Why the Magnificent 7's 'momentum is collapsing'
Six of the largest tech companies are expected to see earnings growth slow over the next year, leaving room for other companies to lead the next leg of the stock market rally, UBS analysts say.
Yahoo Finance•3h ago
This Is Hands Down My Pick for the Best "Magnificent Seven" Stock Right Now. (Hint: It's Not Nvidia.)
The "Magnificent Seven" garner a lot of hype in artificial intelligence (AI). But one company sticks out thanks to savvy investments and strong financials.
Motley Fool•2h ago
It's Time to Ditch These 2 "Magnificent Seven" Stocks and Replace Them With 2 Bona Fide Outperformers
Among Microsoft, Apple, Nvidia, Alphabet, Amazon, Meta Platforms, and Tesla, there are two former highfliers that are no longer magnificent.
Motley Fool•1d ago
2 Cheap Dividend Stocks Paying 6% or More That Could Beat the Market in 2024 and Beyond
Not only are these stocks great for income, but they can be more exciting investments than you think.
Motley Fool•1d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Yahoo Finance

New Docker release helps users avoid the Poodle bug

Recommended Stories

California McDonald's Franchise Owner Says, 'The Focus Is On Survival' With 'Unprecedented' $20 Per Hour Minimum Wage Forcing Higher Prices

Exclusive-China acquired recently banned Nvidia chips in Super Micro, Dell servers, tenders show

Former House Speaker Nancy Pelosi Can't Stop Buying the 1 Artificial Intelligence (AI) Stock Billionaires Have Been Eager to Sell

Sam Bankman-Fried Agrees to Help FTX Investors Go After Celeb Promoters

Apple stock will soar 36% as it gears up to launch an AI-enable iPhone, BofA says

2 Artificial Intelligence (AI) Stocks That Could Fall 19% and 65%, According to a Pair of Wall Street Analysts

Why the Magnificent 7's 'momentum is collapsing'

This Is Hands Down My Pick for the Best "Magnificent Seven" Stock Right Now. (Hint: It's Not Nvidia.)

It's Time to Ditch These 2 "Magnificent Seven" Stocks and Replace Them With 2 Bona Fide Outperformers

2 Cheap Dividend Stocks Paying 6% or More That Could Beat the Market in 2024 and Beyond