drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafte Zugriffsrechte in LXC
| Name: |
Fehlerhafte Zugriffsrechte in LXC |
|
| ID: |
USN-2104-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 13.10 |
|
| Datum: |
Mi, 12. Februar 2014, 23:08 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6441 |
|
| Applikationen: |
LXC |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8125171659636938926==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="sNRhUnrFu5R0mfKSdrxkwqQ297jfpfcnE"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--sNRhUnrFu5R0mfKSdrxkwqQ297jfpfcnE
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-2104-1
February 12, 2014
lxc vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
Summary:
LXC would allow unintended access to the host, bypassing intended
confinement.
Software Description:
- lxc: Linux Containers userspace tools
Details:
Florian Sagar discovered that the LXC sshd template set incorrect mount
permissions. An attacker could possibly use this flaw to cause privilege
escalation on the host.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
lxc-templates 1.0.0~alpha1-0ubuntu14.1
After a standard system update you need to recreate LXC containers created
with the sshd template to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2104-1
CVE-2013-6441
Package Information:
https://launchpad.net/ubuntu/+source/lxc/1.0.0~alpha1-0ubuntu14.1
--sNRhUnrFu5R0mfKSdrxkwqQ297jfpfcnE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJS+8aoAAoJEGVp2FWnRL6TWogQAJT7f716gzSi6jh7El3yQeot
A2A1mPXiwppflZbts4U98vVRweoAOobG47vcHwhwGhFb3OABjhTytldWc1Ig8u7S
WRpCHdJcvhBdeYIlw6Q/W/wwZmM0srMJXM1fgzpCwkSlcPU/zVIQ8FoT8b7hNDtZ
nbO6Pf7ujXr/cEDrG6dt5R2uiGXiDllOyT/SFAIAQOd/hsrtyGgSZFNF/3g3g9hm
nDFLNHVWqNkicZYnLzDe8/u/hxjWF2aHQy8ZdFGoVMCsXFIM4Kr5PSY3pv/ZYPCk
ZVKhpn/PABW3Uc0ttWtOX4IzKAyhRHEretSMM3+2HU7vSL4Rv5xZPgfhqloEJ4uO
d8spiPRF0qcFNBiYmexNEg9s+VVT8E6Qc1XEhuQGJqOCKLxoG1V3mUCP4m6QLds3
+HPhiwodP84/JdEGD7p4g98nSGTBRJZmXcu4lBo2dezXMXirF+7Yic7uvBES2SpP
KEpYWTGh5sNwnN+WZBZsT5LyVxXBjvTjve1WSn/nQeofKhH5mJtdQEfGCQg6l4ZZ
O1kOzhJkequVrJycHMmQO1MaamXF1uJaOmBdd4+xJD6UBZJN0d9jAM9ultt1DCCm
iS0K6CiLQjKf6xLdAFaM+hBLRuICJlw7Cx45oCuIzMfmQDRVECC3w6876vgAklBg
lGPwqgB4AuGqO0PHYy08
=hQYy
-----END PGP SIGNATURE-----
--sNRhUnrFu5R0mfKSdrxkwqQ297jfpfcnE--
--===============8125171659636938926==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8125171659636938926==--
|
|
|
|
