Zwei Probleme in LXCFS
ID: | USN-2813-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 15.04, Ubuntu 15.10 |
Datum: | Di, 17. November 2015, 22:48 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1342 |
Applikationen: | LXCFS |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1555347540986409552== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="WbOxe6qS8ce4JJjRACW9xBj4msAeVou2j" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --WbOxe6qS8ce4JJjRACW9xBj4msAeVou2j Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2813-1 November 17, 2015 lxcfs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 Summary: Several security issues were fixed in LXCFS. Software Description: - lxcfs: FUSE based filesystem for LXC Details: It was discovered that LXCFS incorrectly enforced directory escapes. A local attacker could use this issue to possibly escalate privileges. (CVE-2015-1342) It was discovered that LXCFS incorrectly checked certain permissions. A local attacker could use this issue t possibly escalate privileges. (CVE-2015-1344) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: lxcfs 0.10-0ubuntu2.1 Ubuntu 15.04: lxcfs 0.7-0ubuntu4.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2813-1 CVE-2015-1342, CVE-2015-1344 Package Information: https://launchpad.net/ubuntu/+source/lxcfs/0.10-0ubuntu2.1 https://launchpad.net/ubuntu/+source/lxcfs/0.7-0ubuntu4.1 --WbOxe6qS8ce4JJjRACW9xBj4msAeVou2j Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJWS3K1AAoJEGVp2FWnRL6TQCEP/RdqLMQnoEpdBRrzsp1gEoF9 d0O+k1Bt7B+vGS0C8pRO3pHe7jPjEoLSFGyK/CSjhwKSs1EH6+R/L7QN1giL1rH4 aiXf/L6x6GVbm2NvVopr6hz7/Gy2QdRC1EWRIBjPVnXS3pGvnoz6KO/BDy9t1g3Q 3BypG4KBUA+AbYzibtqWbQnJKej6CeA1hTzofjmXTNm4cFZJtdTnJorjA54LLQbh 1Yqn+jOopJ7RiaKXNUGp45Csy6LynzLuu+50iEbs0v4v/F1b/yyk0MaYLQx2Cazu T2Y7wLzLuim5ZEjCjDrRMeiQ8gmdQiIlPrUQaOieejVv47jvo+gkoVblYlQzls7+ vAXfB7n4o0XLXjETYRcC+kpIs//kA91/VGNngsKB3mwKGqj7e5peu77itFS1eT1H 3hxKQbTm7OiyfaGlNUCmjBmD7sOGAtMJkSx1Wb1DfJj/11tf4iluHGhDCO71llK4 a6xqcj05Fv/80CG+S2SWVWu952jxJoFy9DwlG+w9iqp5oIUC2Ai5k8CQqRjDmGFN cQRBS8kYx75uBci6L8X1idl7H2cWvhxeSQj4BrGFTKksRTIMV0T5uXfL7YiIwKXC +Fsc8oNWUuoJJRi4MO2fGy3mqVse/v5xoTyqVKeuZeJE0cJO+BJPmCGYq4GI57mt fpQrgRZSYxsvpMkk2oFG =HrYS -----END PGP SIGNATURE----- --WbOxe6qS8ce4JJjRACW9xBj4msAeVou2j-- --===============1555347540986409552== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============1555347540986409552==-- |