9140 matches found

Tenable Nessus
added 2014/12/12 12:0 a.m. · 13 views

Docker Server Version Detection

Binary data 8596.prm...

AI score: 7.3
Exploits: 0

CISA
added 2014/12/12 12:0 a.m. · 7 views

Docker Releases Security Updates

Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system. Users and administrators are encouraged to review the Docker Security Advisory and apply the necessary updates. This...

AI score: 7
Exploits: 0 · References: 1

Amazon
added 2014/12/11 12:0 a.m. · 31 views

Critical: docker

Issue Overview: Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive...

CVSS: 10 · AI score: 8.3 · EPSS: 0.06452
Exploits: 0

RedHat Linux
added 2014/12/10 11:38 a.m. · 2 views

docker: Path traversal and spoofing opportunities presented through image identifiers

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.02527
Exploits: 0 · References: 5

RedHat Linux
added 2014/12/10 11:38 a.m. · 1 views

docker: symbolic and hardlink issues leading to privilege escalation

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.04909
Exploits: 0 · References: 4

RedHat Linux
added 2014/12/10 11:38 a.m. · 3 views

Low: Red Hat Bug Fix Advisory: docker bug fix and enhancement update

An updated docker package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 7 Extras. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.04909
Exploits: 0 · References: 1

Tenable Nessus
added 2014/12/09 12:0 a.m. · 27 views

openSUSE Security Update : docker (openSUSE-SU-2014:1596-1)

docker was updated to version 1.3.2 to fix two security issues.
These security issues were fixed:
- Symbolic and hardlink issues leading to privilege escalation (CVE-2014-6407).
- Potential container escalation (CVE-2014-6408).
These non-security issues were fixed:
- Fix deadlock in docker ps -f...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.04909
Exploits: 0 · References: 5

OPENSUSE Linux
added 2014/12/08 5:7 p.m. · 27 views

Security update for docker (important)

docker was updated to version 1.3.2 to fix two security issues.
These security issues were fixed:
- Symbolic and hardlink issues leading to privilege escalation (CVE-2014-6407).
- Potential container escalation (CVE-2014-6408).
These non-security issues were fixed:
- Fix deadlock in docker ps -f...

CVSS: 7.5 · AI score: 0.9 · EPSS: 0.04909
Exploits: 0 · References: 2

Positive Technologies
added 2014/12/08 12:0 a.m. · 2 views

PT-2014-7211 · Docker +1 · Docker +1

Name of the Vulnerable Software and Affected Versions: Docker versions 1.3.0 through 1.3.1 Description: The issue allows remote attackers to modify the default run profile of image containers. This could possibly lead to bypassing the container by applying unspecified security options to an image...

CVSS: 10 · AI score: 6.3 · EPSS: 0.06452
Exploits: 1 · References: 41

Tenable Nessus
added 2014/12/06 12:0 a.m. · 27 views

Oracle Linux 6 / 7 : docker (ELSA-2014-3095)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3095 advisory. - Update source to 1.3.2 from https://github.com/docker/docker/releases/tag/v1.3.2 Prevent host privilege escalation from an image extraction...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.04909
Exploits: 0 · References: 3

Oracle linux
added 2014/12/05 12:0 a.m. · 33 views

docker security and bug fix update

1.3.2-1.0.1 - Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel - Restore SysV init scripts for Oracle Linux 6 - Require Oracle Unbreakable Enterprise Kernel Release 3 or higher - Rename as docker. - Re-enable btrfs graphdriver support 1.3.2-1 - Update source to 1.3....

CVSS: 7.5 · AI score: 0.2 · EPSS: 0.04909
Exploits: 0

Tenable Nessus
added 2014/12/04 12:0 a.m. · 39 views

Fedora 21 : docker-io-1.3.2-2.fc21 (2014-15779)

Security fix for CVE-2014-6407, CVE-2014-6408 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.04909
Exploits: 0 · References: 5

Fedora
added 2014/12/03 5:16 p.m. · 32 views

[SECURITY] Fedora 21 Update: docker-io-1.3.2-2.fc21

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

CVSS: 7.5 · AI score: 2 · EPSS: 0.04909
Exploits: 0

securityvulns
added 2014/12/01 12:0 a.m. · 66 views

Docker 1.3.2 - Security Advisory [24 Nov 2014]

Today, we are releasing Docker 1.3.2 in order to address two critical security issues. This release also includes several bugfixes, including changes to the insecure-registry option. Below are CVE descriptions for the vulnerabilities addressed in this release. Docker 1.3.2 is available immediatel...

CVSS: 7.5 · AI score: 1.1 · EPSS: 0.04909
Exploits: 0

Tenable Nessus
added 2014/11/26 12:0 a.m. · 29 views

Amazon Linux AMI : docker (ALAS-2014-454)

Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container's processes,...

CVSS: 7.5 · AI score: 8.3 · EPSS: 0.04909
Exploits: 0 · References: 3

Amazon
added 2014/11/25 12:0 a.m. · 38 views

Critical: docker

Issue Overview: Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container'...

CVSS: 7.5 · AI score: 8 · EPSS: 0.04909
Exploits: 0

CISA
added 2014/11/24 12:0 a.m. · 7 views

Docker Releases Security Advisory

Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system. US-CERT encourages users and administrators to review Docker's Security...

AI score: 7.7
Exploits: 0 · References: 1

RedHat Linux
added 2014/11/17 6:11 p.m. · 81 views

Important: Red Hat Security Advisory: bash Shift_JIS security update

Updated bash Shift_JIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS: 10 · AI score: 7.2 · EPSS: 0.99999
Exploits: 141 · References: 3

OSV
added 2014/11/17 4:59 p.m. · 7 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

AI score: 6.3
Exploits: 0 · References: 2

NVD
added 2014/11/17 4:59 p.m. · 31 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

CVSS: 5 · AI score: 6.3 · EPSS: 0.01867
Exploits: 0 · References: 2