Candidate: CVE-2014-6407
PublicDate: 2014-12-12 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407
Description:
 Docker before 1.3.2 allows remote attackers to write to arbitrary files and
 execute arbitrary code via a (1) symlink or (2) hard link attack in an
 image archive in a (a) pull or (b) load operation.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6407
Priority: medium
Discovered-by: Florian Weimer and Tõnis Tiigi
Assigned-to:
CVSS: 

Patches_docker.io:
upstream_docker.io: released (1.3.2~dfsg1-1)
lucid_docker.io: DNE
precise_docker.io: DNE
precise/esm_docker.io: DNE
trusty_docker.io: not-affected (1.6.2~dfsg1-1ubuntu4~14.04.1)
trusty/esm_docker.io: DNE (trusty was not-affected [1.6.2~dfsg1-1ubuntu4~14.04.1])
utopic_docker.io: ignored (reached end-of-life)
vivid_docker.io: not-affected (1.3.2~dfsg1-1)
vivid/stable-phone-overlay_docker.io: DNE
vivid/ubuntu-core_docker.io: DNE
wily_docker.io: not-affected (1.3.2~dfsg1-1)
xenial_docker.io: not-affected (1.3.2~dfsg1-1)
yakkety_docker.io: not-affected (1.3.2~dfsg1-1)
zesty_docker.io: not-affected (1.3.2~dfsg1-1)
devel_docker.io: not-affected (1.3.2~dfsg1-1)