[Secure-testing-team] Bug#772909: docker.io: CVE-2014-9356 CVE-2014-9357 CVE-2014-9358
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 12 05:43:17 UTC 2014

Source: docker.io
Version: 1.3.2~dfsg1-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for docker.io.

CVE-2014-9356[0]:
Path traversal during processing of absolute symlinks

CVE-2014-9357[1]:
Escalation of privileges during decompression of LZMA (.xz) archives

CVE-2014-9358[2]:
Path traversal and spoofing opportunities presented through image identifiers

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9356
[1] https://security-tracker.debian.org/tracker/CVE-2014-9357
[2] https://security-tracker.debian.org/tracker/CVE-2014-9358
[3] http://www.openwall.com/lists/oss-security/2014/12/12/1

Regards,
Salvatore