DescriptionDocker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SU-2015:0082-1, published Mon Jan 19 09:04:40 MST 2015
- openSUSE-SU-2014:1722-1, published Sat, 27 Dec 2014 22:07:27 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Linux Enterprise Module for Containers 12|| |
|SUSE Linux Enterprise Module for Containers 15 SP1|| |
|SUSE Linux Enterprise Module for Containers 15 SP2|| |
|SUSE Linux Enterprise Module for Containers 15|| |
|SUSE Linux Enterprise Server 12 |
SUSE Linux Enterprise Server for SAP Applications 12
|SUSE OpenStack Cloud 6|| |
|openSUSE Tumbleweed|| ||Patchnames:
openSUSE Tumbleweed GA docker
Status of this issue by product and package
Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.
|SUSE Linux Enterprise Module for Containers 12||docker||Released|