Docker 1.3.3 Release Fixed Three Vulnerabilities
Docker has emerged over the course of 2014 to become a popular technology for application virtualization and now has the support of Amazon, IBM, VMware, Microsoft and Red Hat, among others.
One of the issues fixed in Docker 1.3.3 is identified as CVE-2014-9357 and is a privilege-escalation flaw that was introduced in the Docker 1.3.2 update. Docker 1.3.2 debuted on Nov. 24, providing users with a pair of security updates.
"It has been discovered that the introduction of chroot for archive extraction in Docker 1.3.2 had introduced a privilege escalation vulnerability," Docker warned in its advisory. "Malicious images or builds from malicious Dockerfiles could escalate privileges and execute arbitrary code as a privileged root user on the Docker host by providing a malicious 'xz' binary."