Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in LXC (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in LXC (Aktualisierung)
ID: USN-2753-3
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS
Datum: Di, 6. Oktober 2015, 07:01
Referenzen: Keine Angabe
Applikationen: LXC
Update von: Preisgabe von Informationen in LXC

Originalnachricht


--===============1569423580693713632==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="81JctsDUVPekGcy+"
Content-Disposition: inline


--81JctsDUVPekGcy+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-2753-3
October 05, 2015

lxc regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

USN-2753-1 introduced a regression in LXC.

Software Description:
- lxc: Linux Containers userspace tools

Details:

USN-2753-1 fixed a vulnerability in LXC. The update caused a regression
that prevented some containers from starting. This regression only
affected containers that had a path that contained a '/./' directory
specified as a bind mount target in their configuration file. This
update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Roman Fiedler discovered a directory traversal flaw in lxc-start. A local
attacker with access to an LXC container could exploit this flaw to run
programs inside the container that are not confined by AppArmor or expose
unintended files in the host to the container.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
liblxc1 1.0.7-0ubuntu0.7
lxc 1.0.7-0ubuntu0.7
lxc-dev 1.0.7-0ubuntu0.7
lxc-templates 1.0.7-0ubuntu0.7
lxc-tests 1.0.7-0ubuntu0.7
python3-lxc 1.0.7-0ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2753-3
http://www.ubuntu.com/usn/usn-2753-1
https://launchpad.net/bugs/1501491

Package Information:
https://launchpad.net/ubuntu/+source/lxc/1.0.7-0ubuntu0.7


--81JctsDUVPekGcy+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWEvRRAAoJEC8Jno0AXoH0U0wQALCVm8j7jcpxvzDPebO+wZl8
X59Lq/1BRJw0vb6tOBsc1PO5OAU6COV0f2y4NV35ylewaHHghVbx8vOk3A7IgDWA
qByIfWo+BkshC0QduUFaZO0Au76xnxlF0myYT8XV6fMQfJEvbonsuebHdyONCYYm
VQtkFSqMj0i/TKJKA+9vkIUZQCs2pspQningAJ9m7x01TbSX+i/YC8U1nDk4XAQ1
r2LZxMW6njklrnmNbP7nHWEsZEGL/qxZFU26MAHiAv9mBKbFM1QrZ7L4cbk3E8NT
hwbJEIinYyNq0ipjgSgR7QxGq0Lx8Wb29dnXSiAGwPcm1SXq4734hsh4kfETm+59
/Mc66wENXqVgnPzrj3L7k1j57kMyR9+y+f3XRjX1dKrSuQgwrP5ox4sCKt6d/lS7
69OYxTsxnUWRaxaikuHyLpHJDj/PU3Y4UWMuAk+4Mm0pKUMD4D1EVsjmlDabIMtD
xS0/ko87Esl5O1h67xhI6drs6cWwSOrps7qEpX27i7JoQfk4y2FSt+3QDdLetbz2
zkEyD/R5RhoHS/fLcmUSZ4nFCECn7qkArndER6AIGk7d7xNRHnLFuIK27d8JGUpc
oZptiyHTqv7nKvtShjju44IbTgDOCXzKrjLfO14BHIE6RoNADLn8ZKjooneyC22j
v9z6/oTdl6fH77uJOWev
=vB51
-----END PGP SIGNATURE-----

--81JctsDUVPekGcy+--


--===============1569423580693713632==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1569423580693713632==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung