Docker vulnerability exposed, users urged to upgrade for cloud security
November 28, 2014
Grazed from CloudTech. Author: James Bourne.
Docker, the Linux container for run-anywhere apps, has a major vulnerability in all but the latest version of its software, which can enable malicious code to extract hosted files.
The vuln, described as ‘critical’ in severity, was first spotted by Red Hat’s security researcher Florian Weimer and independent researcher Tõnis Tiigi, with Docker crediting them in a security advisory…
“The Docker engine, up to and including version 1.3.1, was vulnerable to extracting files to arbitrary paths on the host during ‘Docker pull’ and ‘Docker load’ operations,” it reads. “This was caused by symlink and hardlink traversals present in Docker’s image extraction…
Read more from the source @ http://www.cloudcomputing-news.net/news/2014/nov/27/docker-vulnerability-exposed-users-urged-upgrade-cloud-security/
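The symlink and hardlink traversal patterns named in the advisory quote can be screened for before an image archive is handed to `docker load`. The following is an added example, not code from Docker or the original article; `escapes`, `audit_layer` and `build_sample` are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import posixpath
import tarfile


def escapes(path):
    """True if a path is absolute or climbs above the extraction root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")


def audit_layer(tar_bytes):
    """Return (member, reason) pairs for entries that would touch paths outside the root."""
    findings, bad_links = [], set()  # bad_links: symlinks whose target leaves the root
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            parents = {name[:i] for i, c in enumerate(name) if c == "/"}
            if escapes(m.name):
                findings.append((m.name, "path escapes root"))
            elif parents & bad_links:
                findings.append((m.name, "written through escaping symlink"))
            elif m.islnk() and escapes(m.linkname):  # hardlink targets are root-relative
                findings.append((m.name, "hardlink target escapes root"))
            elif m.issym():
                # Symlink targets resolve relative to the link's own directory.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if escapes(target):
                    bad_links.add(name)
    return findings


def build_sample():  # constructed sample layer, not taken from a real image
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, kind=tarfile.REGTYPE, link="", data=b""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.size = kind, link, len(data)
            tar.addfile(info, io.BytesIO(data))
        add("app/config.txt", data=b"ok")
        add("app/out", tarfile.SYMTYPE, "../../host-dir")
        add("app/out/dropped.txt", data=b"x")
        add("app/peek", tarfile.LNKTYPE, "../outside-file")
        add("../climb.txt", data=b"x")
    return buf.getvalue()


if __name__ == "__main__":
    print(*audit_layer(build_sample()), sep="\n")
```

This is a static pre-check only: it does not follow chains of symlinks, so it complements rather than replaces running a Docker version later than 1.3.1.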


