Posted on 25 November 2014.If you're using Docker, the open source platform for building, shipping and running distributed applications on almost any platform, be sure to update to the latest version (v1.3.2), as all previous ones sport a critical bug that can be misused by an attacker to gain elevated privileges execute malicious code remotely.
The update was released on Monday - for all supported platforms - and can be picked up here.
"The Docker engine, up to and including version 1.3.1, was vulnerable to extracting files to arbitrary paths on the host during ‘docker pull’ and ‘docker load’ operations. This was caused by symlink and hardlink traversals present in Docker's image extraction," the company behind the software explained the problem in a security advisory. Full Article
New Docker version solves critical bugs, update immediately
Userlevel 7
+54
Userlevel 7
National Cyber Awareness System:
Docker Releases Security Advisory11/24/2014 09:48 PM EST
Original release date: November 24, 2014
Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system.
Read more >>
Docker Releases Security Advisory11/24/2014 09:48 PM EST
Original release date: November 24, 2014
Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system.
Read more >>
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.