Candidate: CVE-2014-9356
PublicDate: 2019-12-02 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9356
 https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
Description:
 Path traversal vulnerability in Docker before 1.3.3 allows remote attackers
 to write to arbitrary files and bypass a container protection mechanism via
 a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909
Priority: high
Discovered-by: Tõnis Tiigi
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N [8.6 HIGH]

Patches_docker.io:
upstream_docker.io: released (1.3.3)
lucid_docker.io: DNE
precise_docker.io: DNE
precise/esm_docker.io: DNE
trusty_docker.io: not-affected (1.6.2~dfsg1-1ubuntu4~14.04.1)
trusty/esm_docker.io: DNE (trusty was not-affected [1.6.2~dfsg1-1ubuntu4~14.04.1])
utopic_docker.io: ignored (reached end-of-life)
vivid_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
vivid/stable-phone-overlay_docker.io: DNE
vivid/ubuntu-core_docker.io: DNE
wily_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
xenial_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
yakkety_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
zesty_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)
devel_docker.io: not-affected (1.3.3~dfsg1-2ubuntu1)