[Secure-testing-team] Bug#784726: docker.io: CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631
Salvatore Bonaccorso
carnil at debian.org
Fri May 8 04:54:06 UTC 2015
Source: docker.io
Version: 1.6.0+dfsg1-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for docker.io.
CVE-2015-3627[0]:
Insecure opening of file-descriptor 1 leading to privilege escalation
CVE-2015-3629[1]:
Symlink traversal on container respawn allows local privilege escalation
CVE-2015-3630[2]:
Read/write proc paths allow host modification & information disclosure
CVE-2015-3631[3]:
Volume mounts allow LSM profile escalation
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3627
[1] https://security-tracker.debian.org/tracker/CVE-2015-3629
[2] https://security-tracker.debian.org/tracker/CVE-2015-3630
[3] https://security-tracker.debian.org/tracker/CVE-2015-3631
[4] http://www.openwall.com/lists/oss-security/2015/05/07/10
Regards,
Salvatore
More information about the Secure-testing-team
mailing list