Bugzilla – Bug 923958
VUL-0: CVE-2014-0048: Docker: multiple files downloaded over HTTP and executed or used unsafely
Last modified: 2015-03-25 08:33:53 UTC
via rh bugzilla
Kurt Seifried of the Red Hat Security Response Team reports:
There are a number of programs and scripts in Docker that download content via
HTTP and then execute the content or use it in other unsafe ways (e.g. signing
keys used to further verify content that is downloaded and executed).
This probably was already cleaned up (1.3.1?) and released by us.
bugbot adjusting priority
As stated also on the Red Hat bug entry this does not apply to docker 1.5.0, which is the version we have currently released.