[Bug 1271253] New: CVE-2014-8178 Attacker controlled layer IDs lead to local graph content poisoning

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1271253

            Bug ID: 1271253
           Summary: CVE-2014-8178 Attacker controlled layer IDs lead to
                    local graph content poisoning
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-t...@redhat.com
          Reporter: t...@redhat.com
                CC: adima...@gmail.com, admil...@redhat.com,
                    dwa...@redhat.com, golang@lists.fedoraproject.org,
                    hushan....@gmail.com, ichav...@redhat.com,
                    jchal...@redhat.com, jper...@centos.org,
                    l...@redhat.com, mgold...@redhat.com,
                    mimi...@redhat.com, s...@shk.io, thr...@redhat.com,
                    vba...@redhat.com, wo...@nobugconsulting.ro




Docker image layers are stored with a non-globally unique identifier vulnerable
to a collision attack. These identifiers are shared during docker pull and
push, allowing poisoning of a host's image cache. This allows maliciously
crafted images to poison subsequently pulled images.

Independently discovered by Florian Weimer of Red Hat and Tõnis Tiigi of the
Docker Engine Tem.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
golang mailing list
golang@lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/golang