Docker 1.12.2 - Security Advisory

Docker Engine version 1.12.3 has been released to address a vulnerability in Docker Engine 1.12.2’s usage of ambient capabilities and is immediately available for all supported platforms. Users are advised to upgrade existing installations of the Docker Engine and use 1.12.3 for new installations.

Please send any questions to security@docker.com.

==============================================================
[CVE-2016-8867] Incorrect application of ambient capabilities

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes, provided the underlying kernel supports ambient capabilities (version 4.3+).

Discovered by Guillaume Tardif.

Users are advised to upgrade to Docker 1.12.3. Versions prior to Docker 1.12.2 are unaffected.