https://bugzilla.redhat.com/show_bug.cgi?id=1167506 Bug ID: 1167506 Summary: CVE-2014-6408 docker: potential container escalation Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: mmcallis(a)redhat.com CC: admiller(a)redhat.com, dwalsh(a)redhat.com, golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com, jchaloup(a)redhat.com, jperrin(a)centos.org, lsm5(a)fedoraproject.org, mattdm(a)redhat.com, mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com, vbatts(a)redhat.com The following flaw has been fixed in Docker 1.3.2: "" Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container’s processes, potentially facilitating a break-out. Docker 1.3.2 remedies this vulnerability. Security options applied to images are no longer consumed by the Docker engine and will be ignored. Users are advised to upgrade. "" Acknowledgements: Red Hat would like to thank the Docker project for reporting this issue. Reference: http://seclists.org/oss-sec/2014/q4/781 -- You are receiving this mail because: You are on the CC list for the bug.