drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in LXC
Name: |
Mangelnde Rechteprüfung in LXC |
|
ID: |
USN-3136-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10 |
|
Datum: |
Do, 24. November 2016, 01:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8649 |
|
Applikationen: |
LXC |
|
Originalnachricht |
--===============1021775980278734614== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj" Content-Disposition: inline
--9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3136-1 November 23, 2016
lxc vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
LXC could be made to allow containers to access to the host filesystem.
Software Description: - lxc: Linux Containers userspace tools
Details:
Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: liblxc1 2.0.5-0ubuntu1.2 lxc1 2.0.5-0ubuntu1.2
Ubuntu 16.04 LTS: liblxc1 2.0.5-0ubuntu1~ubuntu16.04.3 lxc1 2.0.5-0ubuntu1~ubuntu16.04.3
Ubuntu 14.04 LTS: liblxc1 1.0.8-0ubuntu0.4 lxc 1.0.8-0ubuntu0.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3136-1 CVE-2016-8649
Package Information: https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1.2 https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1~ubuntu16.04.3 https://launchpad.net/ubuntu/+source/lxc/1.0.8-0ubuntu0.4
--9amGYk9869ThD9tj Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJYNdcuAAoJENaSAD2qAscKpSgQAKS/Bgz0v+6YtRtWIoMcYIhc kewQ9DMt22ONKC3f/szEYeDE+uBqy4toVDnYWkgXlSkvT1sEFCPXxzb6XEN/r97H MLb69l0qocPVCRQBswYTmLRSCVBhg7VExXdRLyQk5bKm+8JuRdH0uMFhwtiPiN3L DBwhuS+supmlhZBhagLI018YRwRajhrMbnO4L7HnHHbiELZzbTff0kNYSMpjfCQh h4w1Ssf/fWNrOVjx6A9vjw8r8RxJeKgjobyzSgi+DnJCE0lyVjRcNkorHgdj8u2t hartwRdtj5Cem+c75pVQkKuTQLmQCVA9gwv22kg8HPoqRFhdL2jh21z2n1A2Mvbz lD90Pq8sGzZtEHZ5XFxCsCw9QjILQi6g7VQNpP8IVJ/4cCYge0zpGbeJwZttoS9o 8jdqDppDnOqo1df9CE57wb2wJA0a3+kJyh+gDWYWrDc5aTYBUAx9exmIe84H2FHk dtb34+LxIJPRHb3JDqm5ELkG3ad30nqKf3Xmw9JCDdSucNThgWLVF3zxDMEc0K7f Mfo4MTEZw2szJhXJU7Zj9kc1tMx3poYEaVHJDVn590AFP96AsRxgmiPVrNtcSEFY zKs9rpBLJJ/wni/eOopyVP9xvWsVA16lZtj0wva4QjWXMEwohuj6+csEF9zy8kQF 44f0wfLCatPggHLnRz/A =9Ez8 -----END PGP SIGNATURE-----
--9amGYk9869ThD9tj--
--===============1021775980278734614== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1021775980278734614==--
|
|
|
|