tianon / docker-brew-ubuntu-core

DEPRECATED; see https://github.com/tianon/docker-brew-ubuntu-core/pull/248
https://partner-images.canonical.com/oci/
Apache License 2.0

Update official images to patch CVE-2014-6271: remote code execution through bash #18

Closed djdefi closed 10 years ago

djdefi commented 10 years ago

http://www.openwall.com/lists/oss-security/2014/09/24/10

docker run -it ubuntu:trusty env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Unable to find image 'ubuntu:trusty' locally
Pulling repository ubuntu
53bf7a53e890: Download complete 
511136ea3c5a: Download complete 
134b5dc84bc7: Download complete 
692254366b1a: Download complete 
ed98671f0531: Download complete 
bffdbd3bc4b2: Download complete 
964692831e07: Download complete 
vulnerable
this is a test

More info here: http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/

ghost commented 10 years ago

Seems this has been updated b24589b

tianon commented 10 years ago

Please see https://github.com/docker-library/official-images/issues/213, which is going to be the canonical source on this for now. Thanks for the heads up!