[v3.1] docker: multiple issues (CVE-2014-6407, CVE-2014-6408)
CVE-2014-6407:
Docker before 1.3.2 allows remote attackers to write to arbitrary files
and execute arbitrary code via a (1) symlink or (2) hard link attack in
an image archive in a (a) pull or (b) load operation.
CVE-2014-6408:
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default
run profile of image containers and possibly bypass the container by
applying unspecified security options to an image.
References:
CONFIRM: https://docs.docker.com/v1.3/release-notes/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6408
(from redmine: issue id 3749, created on 2015-01-26, closed on 2017-05-17)
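
A pre-extraction audit for the class of problem CVE-2014-6407 describes (symlink or hard link entries in an archive that lead outside the extraction directory), as an added example that is not taken from this issue or from Docker's code. The entry names in the constructed sample archive and the strict policy of refusing any path that passes through an archive-supplied symlink are assumptions made for illustration.

```python
import io
import posixpath
import tarfile


def escapes(p):
    """True if p, taken relative to the extraction root, leaves it."""
    c = posixpath.normpath(p)
    return posixpath.isabs(p) or c == ".." or c.startswith("../")


def audit_links(fileobj):
    """List entries that could make an extractor write outside its root."""
    bad, symlinks = [], set()
    with tarfile.open(fileobj=fileobj) as tar:
        for m in tar:
            name, target = posixpath.normpath(m.name), m.linkname
            if m.issym():  # symlink targets resolve from the link's own directory
                symlinks.add(name)
                target = posixpath.join(posixpath.dirname(name), target)
            if escapes(m.name) or escapes(target):
                bad.append(f"{name}: name or link target leaves root")
            parent = posixpath.dirname(name)
            while parent.strip("/"):
                if parent in symlinks:  # strict policy: no writes through a symlink
                    bad.append(f"{name}: path passes through symlink {parent}")
                parent = posixpath.dirname(parent)
    return bad


def sample_archive():
    """Constructed in-memory tar mixing benign and hostile link entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, target in [
            ("app/ok", tarfile.SYMTYPE, "run.sh"),
            ("app/cfg", tarfile.SYMTYPE, "../../etc"),
            ("app/cfg/passwd", tarfile.REGTYPE, ""),
            ("app/sh", tarfile.LNKTYPE, "/bin/sh"),
        ]:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, target
            tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print("\n".join(audit_links(sample_archive())))
```

An archive that produces any finding should be rejected before extraction rather than extracted and cleaned up afterwards.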
- Relations:
  - parent #3747
- Changesets:
  - Revision d6757295 on 2015-01-26T15:26:10Z:
    main/docker: security upgrade to 1.4.1 (CVE-2014-6407, CVE-2014-6408)
    fixes #3749
    (cherry picked from commit b9178b31324711f7c87e0c98be7695b9a049baf0)