https://bugzilla.redhat.com/show_bug.cgi?id=1167506
Bug ID: 1167506
Summary: CVE-2014-6408 docker: potential container escalation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: mmcallis(a)redhat.com
CC: admiller(a)redhat.com, dwalsh(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
jchaloup(a)redhat.com, jperrin(a)centos.org,
lsm5(a)fedoraproject.org, mattdm(a)redhat.com,
mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io,
thrcka(a)redhat.com, vbatts(a)redhat.com
The following flaw has been fixed in Docker 1.3.2:
""
Docker versions 1.3.0 through 1.3.1 allowed security options to be applied
to images, allowing images to modify the default run profile of containers
executing these images. This vulnerability could allow a malicious image
creator to loosen the restrictions applied to a container’s processes,
potentially facilitating a break-out.
Docker 1.3.2 remedies this vulnerability. Security options applied to
images are no longer consumed by the Docker engine and will be ignored.
Users are advised to upgrade.
""
Acknowledgements:
Red Hat would like to thank the Docker project for reporting this issue.
Reference:
http://seclists.org/oss-sec/2014/q4/781