Bug 1063549 (CVE-2014-0047)

Summary: CVE-2014-0047 Docker: multiple temporary file creation vulnerabilities
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: bsarathy, carnil, dwalsh, jkeck, jrieden, jrusnack, lwang, pfrields, sct, security-response-team, tjay
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-24 05:19:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1063553
Bug Blocks: 1063551

Description Kurt Seifried 2014-02-11 01:24:50 UTC
Kurt Seifried of the Red Hat Security Response Team reports:

A number of unsafe uses of /tmp, ranging from actual code to test code and
documentation examples. In general many are due to unsafe use in bash scripts,
and can be fixed by using mktemp() correctly. There is also at least one Ruby 
one (the Vagrant file) and several go scripts that use bash command lines 
unsafely.
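
The shell pattern the description refers to, shown beside its mktemp form, as an added example that is not part of the original report and is not Docker's code. The file names (build.log, important.conf), the function names and the scratch directory are assumptions made up for illustration; everything runs inside a throwaway directory rather than the real /tmp.

```shell
#!/bin/sh
# Added illustration: fixed temp-file name vs. mktemp in a shared directory.

# Weak pattern: a fixed, guessable name. If that path already exists
# (as a file or as a symlink), the redirect follows it and truncates
# whatever it points to.
write_predictable() {
    shared_dir=$1; payload=$2
    printf '%s\n' "$payload" > "$shared_dir/build.log"
    printf '%s\n' "$shared_dir/build.log"
}

# Corrected pattern: mktemp chooses an unpredictable name and creates the
# file exclusively with mode 0600, so a pre-existing path is never reused.
# The caller gets the path back and is responsible for removing it.
write_mktemp() {
    shared_dir=$1; payload=$2
    tmpfile=$(mktemp "$shared_dir/build.XXXXXXXXXX") || return 1
    printf '%s\n' "$payload" > "$tmpfile"
    printf '%s\n' "$tmpfile"
}

# Constructed scenario: the guessable name already exists as a symlink to a
# file the script was never meant to touch. Reports that file's content
# after each style of write.
demo() {
    scratch=$(mktemp -d) || return 1
    printf 'original\n' > "$scratch/important.conf"
    ln -s "$scratch/important.conf" "$scratch/build.log"

    write_mktemp "$scratch" "log line" >/dev/null
    after_safe=$(cat "$scratch/important.conf")

    write_predictable "$scratch" "log line" >/dev/null
    after_weak=$(cat "$scratch/important.conf")

    rm -rf "$scratch"
    printf 'mktemp: %s | predictable: %s\n' "$after_safe" "$after_weak"
}

demo
```

When a script needs several scratch files, `mktemp -d` gives it a private mode-0700 directory in which fixed names are safe to use.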

Comment 2 Trevor Jay 2015-03-24 05:19:04 UTC
Under 1.5, I deleted /tmp, started the docker service, pulled an image, and started a container with no mishaps or creation of /tmp.