Docker could be made to overwrite files as the administrator.
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.
8 July 2019
A security issue affects these releases of Ubuntu and its derivatives:
Docker could be made to overwrite files as the administrator.
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.