SB2020010215 - Input validation error in Docker

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2014-0048)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

Remediation

Install update from vendor's website.

References

• http://www.openwall.com/lists/oss-security/2015/03/24/18
• http://www.openwall.com/lists/oss-security/2015/03/24/22
• http://www.openwall.com/lists/oss-security/2015/03/24/23
• https://access.redhat.com/security/cve/cve-2014-0048
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0048
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0048
• https://security-tracker.debian.org/tracker/CVE-2014-0048