Bug 923958 - (CVE-2014-0048) VUL-0: CVE-2014-0048: Docker: multiple files downloaded over HTTP and executed or used unsafely
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Flavio Castelli
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/115008/
Reported: 2015-03-24 11:04 UTC by Marcus Meissner
Modified: 2015-03-25 08:33 UTC

Found By: Security Response Team
Description Marcus Meissner 2015-03-24 11:04:04 UTC
via rh bugzilla

Kurt Seifried of the Red Hat Security Response Team reports:

There are a number of programs and scripts in Docker that download content via 
HTTP and then execute the content or use it in other unsafe ways (e.g. signing
keys used to further verify content that is downloaded and executed).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1063550
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0048

This probably was already cleaned up (1.3.1?) and released by us.
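
The pattern the report above describes (content fetched over plain HTTP and then executed, or trusted as a signing key) can be searched for mechanically in shell scripts and Dockerfile `RUN` lines. The following Python check is an added example, not code from Docker, Red Hat or SUSE; the `audit` function, its rule names and the `example.test` sample script are constructed for illustration, and the matching is heuristic.

```python
import re

HTTP_URL = re.compile(r"http://[^\s'\"|;)]+", re.I)
FETCH = re.compile(r"\b(?:curl|wget)\b")
PIPE_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:sh|bash)\b")
KEY_IMPORT = re.compile(r"\bapt-key\s+add\b|\bgpg\b.*--import\b|\brpm\s+--import\b")
OUT_FILE = re.compile(r"(?:\s-[oO]\s*|\s--output(?:-document)?[= ]|>\s*)([\w./-]+)")
RUNNERS = {"sh", "bash", "source", "."}           # interpreter followed by a file
CMD_START = {"", "sudo", "&&", "||", ";", "RUN"}  # tokens after which ./file runs


def audit(text):
    """Added example: return (line_no, rule, plaintext_url) findings for a script."""
    findings, saved = [], {}  # saved: local file name -> http:// URL it came from
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        url = HTTP_URL.search(line)
        if url and KEY_IMPORT.search(line):
            # Key fetched in cleartext becomes the trust anchor for later checks.
            findings.append((no, "http-key-import", url.group()))
        elif url and FETCH.search(line) and PIPE_SHELL.search(line):
            findings.append((no, "http-pipe-exec", url.group()))
        elif url and FETCH.search(line):
            # Remember where the download lands so a later execution is caught.
            out = OUT_FILE.search(line)
            name = out.group(1) if out else url.group().rsplit("/", 1)[-1]
            saved[re.sub(r"^\./", "", name)] = url.group()
        else:
            toks = line.split()
            for i, tok in enumerate(toks):
                prev = toks[i - 1] if i else ""
                name = re.sub(r"^\./", "", tok)
                direct = tok.startswith("./") and prev in CMD_START
                if name in saved and (direct or prev in RUNNERS):
                    findings.append((no, "http-download-then-exec", saved[name]))
    return findings


# Constructed sample script for this example, not taken from the Docker source tree.
SAMPLE = """\
#!/bin/sh
curl -sSL http://get.example.test/install | sudo sh
wget -qO- http://repo.example.test/gpg.key | apt-key add -
curl -fsSL -o setup.sh http://mirror.example.test/setup.sh
chmod +x setup.sh && ./setup.sh
curl -fsSL https://get.example.test/install | sh
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The last sample line uses HTTPS and is not flagged by this check, which looks only at the transport; it does not verify checksums or signatures of what was downloaded.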
Comment 1 Swamp Workflow Management 2015-03-24 23:00:46 UTC
bugbot adjusting priority
Comment 2 Flavio Castelli 2015-03-25 08:33:53 UTC
As also stated on the Red Hat bug entry, this does not apply to docker 1.5.0, which is the version we have currently released.

Closing.