[Bug 1396572] Re: Critcial security vulnerabilties in docker < 1.3.3
Launchpad Bug Tracker
1396572 at bugs.launchpad.net
Fri Dec 19 15:02:25 UTC 2014
This bug was fixed in the package docker.io - 1.3.3~dfsg1-1ubuntu1
---------------
docker.io (1.3.3~dfsg1-1ubuntu1) vivid; urgency=medium
* Merge from Debian unstable (LP: #1396572), remaining changes:
- d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
in sync with LXC.
docker.io (1.3.3~dfsg1-1) unstable; urgency=medium
[ Tianon Gravi ]
* Update to 1.3.3 upstream release (Closes: #772909)
- Fix for CVE-2014-9356 (Path traversal during processing of absolute
symlinks)
- Fix for CVE-2014-9357 (Escalation of privileges during decompression of
LZMA (.xz) archives)
- Fix for CVE-2014-9358 (Path traversal and spoofing opportunities presented
through image identifiers)
* Fix bashism in nuke-graph-directory.sh (Closes: #772261)
[ Didier Roche ]
* Support starting systemd service without /etc/default/docker
(Closes: #770293)
-- James Page <james.page at ubuntu.com> Fri, 19 Dec 2014 14:32:31 +0000
** Branch linked: lp:ubuntu/vivid-proposed/docker.io
** Changed in: docker.io (Ubuntu Vivid)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to docker.io in Ubuntu.
https://bugs.launchpad.net/bugs/1396572
Title:
Critcial security vulnerabilties in docker < 1.3.3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1396572/+subscriptions
More information about the Ubuntu-server-bugs
mailing list