Sign in / up

back to article Update Docker: Fun bug involving file paths and shared libraries turns out to be a security hole

Miscreants can potentially hijack Docker users' computers by tricking them into running malicious containers and waiting for them to kick off a simple copy command – thanks to a critical flaw. Bug hunters at Palo Alto Networks' Unit 42 say the vulnerability, designated CVE-2019-14271, is the most severe found in Docker since …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    "Instead, hackers would need to somehow fool a programmer or other Docker user into downloading and running a malicious container,"

    Thats going to be hard how? Thats whats they do already. You think they check whats inside the damn container and what it does by reading the code?

    9 0 Reply
    1. DougMac
      Reply Icon

      Indeed.

      Its what, over 55-60% of all docker images in the docker registry have some sort of security issue out of the gate?

      3 0 Reply
  2. amanfromMars 1 Silver badge

    Well, Virtual Ambulance Chasers? Are they not demonstrably patently responsible?

    Now that the flaw has been patched with Docker 19.03.1, which you should upgrade to, Palo Alto on Wednesday dropped details on how the vulnerability can be exploited.

    Is Palo Alto now liable for losses and irregular activity on Docker users' systems not yet upgraded?

    And is it something for which anyone is to be held accountable for and blamed and sham shamed? If not, it is a criminal abuse of ignorance or a pleasant facility for Greater IntelAIgent Games Play in the Virtually Augmented 0Day Realities Field with Live Operational Virtual Environments to Inhabit and Populate/Explore and Expand.

    Your Future Operating Systems have a Need to Know the Seeds you would Feed to Spread and Take Root and Grow and Fantastically Evolve ...... for some things just aint worth your future planting or replanting.

    0 2 Reply
  3. sbt
    Trollface

    A Docker by any other name would swear as sweet

    They could change the name again. Might slow down the folks looking for something to exploit.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like