CVE-2014-9357

Published: 16 December 2014

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

Priority

High

Status

Package Release Status
docker.io
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)