Version 1.8.3 of Docker fixed a couple of relatively minor security issues:

  • CVE-2014-8178 Fixes a problem where Docker image layers are stored in a non-globally unique identifier vulnerable to collision attack.
  • CVE-2014-8179 Fixes a vulnerability where an injection is possible during the validation and extraction of the manifest object from its JSON representation.

The solution, obviously, is to upgrade to version 1.8.3.

More on GitHub. Secunia also has an advisory on it, here.

Alex Eckelberry