Docker 1.3.3 Release Fixed Three Vulnerabilities

Docker has emerged over the course of 2014 to become a popular technology for application virtualization and now has the support of Amazon, IBM, VMware, Microsoft and Red Hat, among others.

One of the issues fixed in Docker 1.3.3 is identified as CVE-2014-9357 and is a privilege-escalation flaw that was introduced in the Docker 1.3.2 update. Docker 1.3.2 debuted on Nov. 24, providing users with a pair of security updates.

“It has been discovered that the introduction of chroot for archive extraction in Docker 1.3.2 had introduced a privilege escalation vulnerability,” Docker warned in its advisory. “Malicious images or builds from malicious Dockerfiles could escalate privileges and execute arbitrary code as a privileged root user on the Docker host by providing a malicious ‘xz’ binary.”

Read the full story at eWEEK:
Docker Updates for Three Security Vulnerabilities

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web