Bug 923959 (CVE-2014-0047) - VUL-0: CVE-2014-0047: Docker: multiple temporary file creation vulnerabilities
Summary: VUL-0: CVE-2014-0047: Docker: multiple temporary file creation vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2014-0047
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Flavio Castelli
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/115010/
Reported: 2015-03-24 11:05 UTC by Marcus Meissner
Modified: 2015-03-25 08:35 UTC
Found By: Security Response Team


Description Marcus Meissner 2015-03-24 11:05:54 UTC
via rh bugzilla:

Kurt Seifried of the Red Hat Security Response Team reports:

A number of unsafe uses of /tmp, ranging from actual code to test code and
documentation examples. In general many are due to unsafe use in bash scripts,
and can be fixed by using mktemp() correctly. There is also at least one Ruby
one (the Vagrant file) and several Go scripts that use bash command lines
unsafely.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1063549
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0047
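
Added example (not part of the bug report and not Docker's code): the predictable /tmp name pattern the report describes, next to a mktemp-based replacement for shell scripts. The function names and the "build." prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and the "build." prefix are hypothetical.

# Unsafe pattern: a fixed, guessable name in a world-writable directory.
# Anyone who can write to /tmp can create this path first (e.g. as a
# symlink), and a later "> $path" in the script follows it.
unsafe_tmp_path() {
    printf '%s/build.%s\n' "${TMPDIR:-/tmp}" "$$"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# file itself (mode 0600), failing instead of reusing an existing path.
safe_tmp_file() {
    mktemp "${TMPDIR:-/tmp}/build.XXXXXXXXXX"
}

# Same for a scratch directory (mode 0700).
safe_tmp_dir() {
    mktemp -d "${TMPDIR:-/tmp}/build.XXXXXXXXXX"
}

# True when the path grants nothing to group or other.
is_private() {
    case $(ls -ld -- "$1") in
        [-d]rw[x-]------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run "$@" with a private scratch directory appended as the last argument;
# the directory is removed when the command finishes or fails.
with_private_workdir() {
    (
        umask 077
        dir=$(safe_tmp_dir) || exit 1
        trap 'rm -rf -- "$dir"' EXIT
        "$@" "$dir"
    )
}
```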
Comment 1 Swamp Workflow Management 2015-03-24 23:00:59 UTC
bugbot adjusting priority
Comment 2 Flavio Castelli 2015-03-25 08:35:03 UTC
As also stated on the Red Hat bug entry, this does not apply to version 1.5, which is the version we currently ship.

Closing.