"which could have allowed an attacker to craft a malicious image that wrote files to arbitrary directories on disk"
Of course if the source of the software (the image) you are downloading and installing has already been pwned by an attacker, then you are in pretty serious trouble in any case. Even without this exploit they could do all sorts of bad things just with normal rights, such as writing to your database.
This problem applies to any sort of software installation, not just Docker. With or without this bug, you would probably be best advised to nuke the server and re-install from trusted sources.
I've looked at the Docker image repos, and I don't see any mention of image signatures. If they aren't signing images, they should be, like Linux repos do.