Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in LXC
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in LXC
ID: USN-3136-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10
Datum: Do, 24. November 2016, 01:07
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8649
Applikationen: LXC

Originalnachricht


--===============1021775980278734614==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="9amGYk9869ThD9tj"
Content-Disposition: inline


--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3136-1
November 23, 2016

lxc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LXC could be made to allow containers to access to the host filesystem.

Software Description:
- lxc: Linux Containers userspace tools

Details:

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An
attacker with access to an LXC container could exploit this flaw to access
files outside of the container.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
liblxc1 2.0.5-0ubuntu1.2
lxc1 2.0.5-0ubuntu1.2

Ubuntu 16.04 LTS:
liblxc1 2.0.5-0ubuntu1~ubuntu16.04.3
lxc1 2.0.5-0ubuntu1~ubuntu16.04.3

Ubuntu 14.04 LTS:
liblxc1 1.0.8-0ubuntu0.4
lxc 1.0.8-0ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3136-1
CVE-2016-8649

Package Information:
https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1.2
https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1~ubuntu16.04.3
https://launchpad.net/ubuntu/+source/lxc/1.0.8-0ubuntu0.4


--9amGYk9869ThD9tj
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJYNdcuAAoJENaSAD2qAscKpSgQAKS/Bgz0v+6YtRtWIoMcYIhc
kewQ9DMt22ONKC3f/szEYeDE+uBqy4toVDnYWkgXlSkvT1sEFCPXxzb6XEN/r97H
MLb69l0qocPVCRQBswYTmLRSCVBhg7VExXdRLyQk5bKm+8JuRdH0uMFhwtiPiN3L
DBwhuS+supmlhZBhagLI018YRwRajhrMbnO4L7HnHHbiELZzbTff0kNYSMpjfCQh
h4w1Ssf/fWNrOVjx6A9vjw8r8RxJeKgjobyzSgi+DnJCE0lyVjRcNkorHgdj8u2t
hartwRdtj5Cem+c75pVQkKuTQLmQCVA9gwv22kg8HPoqRFhdL2jh21z2n1A2Mvbz
lD90Pq8sGzZtEHZ5XFxCsCw9QjILQi6g7VQNpP8IVJ/4cCYge0zpGbeJwZttoS9o
8jdqDppDnOqo1df9CE57wb2wJA0a3+kJyh+gDWYWrDc5aTYBUAx9exmIe84H2FHk
dtb34+LxIJPRHb3JDqm5ELkG3ad30nqKf3Xmw9JCDdSucNThgWLVF3zxDMEc0K7f
Mfo4MTEZw2szJhXJU7Zj9kc1tMx3poYEaVHJDVn590AFP96AsRxgmiPVrNtcSEFY
zKs9rpBLJJ/wni/eOopyVP9xvWsVA16lZtj0wva4QjWXMEwohuj6+csEF9zy8kQF
44f0wfLCatPggHLnRz/A
=9Ez8
-----END PGP SIGNATURE-----

--9amGYk9869ThD9tj--


--===============1021775980278734614==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1021775980278734614==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung