Red Hat Security Advisory 2015-0623-02 - Docker is a service providing container management on Linux. It was found that a malicious container image could overwrite arbitrary portions of the host file system by including absolute symlinks, potentially leading to privilege escalation. A flaw was found in the way the Docker service unpacked images or builds after a "docker pull". An attacker could use this flaw to provide a malicious image or build that, when unpacked, would escalate their privileges on the system.
b581930ce0397bce0eade8c5c949a5eb38aa213d9ccdf7a171cc881f8b97c979Docker version 1.3.3 has been released to address privilege escalation, path traversal, and spoofing vulnerabilities.
8500831f87dd1053a5b03c9bb78a961217c43693b105c24e9149353125d6553a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed