[v3.0] docker: multiple issues (CVE-2014-6407, CVE-2014-6408)
CVE-2014-6407:
Docker before 1.3.2 allows remote attackers to write to arbitrary files
and execute arbitrary code via a (1) symlink or (2) hard link attack in
an image archive in a (a) pull or (b) load operation.
CVE-2014-6408:
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default
run profile of image containers and possibly bypass the container by
applying unspecified security options to an image.
References:
CONFIRM: https://docs.docker.com/v1.3/release-notes/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6408
(from redmine: issue id 3748, created on 2015-01-26, closed on 2017-09-05)
- Relations:
- parent #3747
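
A defensive pre-extraction check for the symlink and hard link archive attacks described under CVE-2014-6407, as an added example (it is not Docker's fix and not part of the original issue): it flags tar entries whose names, link targets or parent paths would resolve outside the extraction root. The function names and the sample entries are constructed for illustration, and the check is purely lexical, so it is deliberately conservative.

```python
import io
import posixpath
import tarfile


def escapes(path):  # does a slash-separated archive path leave the extraction root?
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")


def find_unsafe_entries(fileobj):  # lexical audit; nothing is extracted or written
    findings, symlinks = [], set()
    def crosses(path):  # is the path, or any parent of it, an archive symlink?
        parts = posixpath.normpath(path).split("/")
        return any("/".join(parts[:i]) in symlinks for i in range(1, len(parts) + 1))
    with tarfile.open(fileobj=fileobj, mode="r:") as tf:
        for m in tf:
            name = posixpath.normpath(m.name)
            if escapes(m.name):
                findings.append((name, "name escapes root"))
            elif crosses(name):
                findings.append((name, "path crosses an archive symlink"))
            elif m.issym() and escapes(posixpath.join(posixpath.dirname(name), m.linkname)):
                findings.append((name, "symlink target escapes root"))
            elif m.islnk() and (escapes(m.linkname) or crosses(m.linkname)):
                findings.append((name, "hard link target escapes root or crosses a symlink"))
            if m.issym():
                symlinks.add(name)
    return findings


def sample_archive():  # constructed demo archive; entry names are made up
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, link in [
            ("lib/ok", tarfile.SYMTYPE, "../etc/motd"),  # stays inside the root
            ("data", tarfile.SYMTYPE, "/srv"),  # absolute symlink target
            ("data/file", tarfile.REGTYPE, ""),  # would be written through "data"
            ("hl", tarfile.LNKTYPE, "../outside"),  # hard link out of the root
        ]:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tf.addfile(info)
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    for entry, reason in find_unsafe_entries(sample_archive()):
        print(f"{entry}: {reason}")
```

An archive that produces any finding should be rejected before extraction rather than partially unpacked.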