github.com/docker/docker is vulnerable to arbitrary file writes and remote code execution (RCE). Attackers can perform these attacks using a hard link image attack in an image archive or through a symlink attack.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/docker/docker | eq | HEAD | |
github.com/docker/docker | le | 1.3.1 |
lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
secunia.com/advisories/60171
secunia.com/advisories/60241
www.openwall.com/lists/oss-security/2014/11/24/5
docs.docker.com/v1.3/release-notes/
github.com/docker/docker/commit/3ac6394b8082d4700483d52fbfe54914be537d9e