Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-6408

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

Related bugs and status

CVE-2014-6408 (Candidate) is related to these bugs:

Bug #1396572: Critcial security vulnerabilties in docker < 1.3.3

		In	Importance	Status
1396572	Critcial security vulnerabilties in docker < 1.3.3	docker.io (Ubuntu)	High	Fix Released
1396572	Critcial security vulnerabilties in docker < 1.3.3	docker.io (Ubuntu Utopic)	High	Won't Fix
1396572	Critcial security vulnerabilties in docker < 1.3.3	docker.io (Ubuntu Vivid)	High	Fix Released
1396572	Critcial security vulnerabilties in docker < 1.3.3	docker.io (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014112...
CONFIRM: https://docs.docker.co...
FEDORA: FEDORA-2014-15779
SUSE: openSUSE-SU-2014:1596
SECUNIA: 60171
SECUNIA: 60241