Bug 923958 - (CVE-2014-0048) VUL-0: CVE-2014-0048: Docker: multiple files downloaded over HTTP and executed or used unsafely
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Flavio Castelli
Security Team bot
Reported: 2015-03-24 11:04 UTC by Marcus Meissner
Modified: 2015-03-25 08:33 UTC
Found By: Security Response Team
Description Marcus Meissner 2015-03-24 11:04:04 UTC
via rh bugzilla

Kurt Seifried of the Red Hat Security Response Team reports:

There are a number of programs and scripts in Docker that download content via 
HTTP and then execute the content or use it in other unsafe ways (e.g. signing
keys used to further verify content that is downloaded and executed).


This probably was already cleaned up (1.3.1?) and released by us.
Comment 1 Swamp Workflow Management 2015-03-24 23:00:46 UTC
bugbot adjusting priority
Comment 2 Flavio Castelli 2015-03-25 08:33:53 UTC
As stated also on the Red Hat bug entry this does not apply to docker 1.5.0, which is the version we have currently released.