Package "lxc-dbg"
Name: |
lxc-dbg
|
Description: |
Linux Containers userspace tools (debug)
|
Latest version: |
1.0.10-0ubuntu1.1 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Head package: |
lxc |
Homepage: |
http://linuxcontainers.org |
Links
Download "lxc-dbg"
Other versions of "lxc-dbg" in Trusty
Changelog
lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium
* SECURITY UPDATE: Arbitrary host file access and AppArmor
confinement breakout via lxc-start following symlinks while
setting up mounts within a malicious container (LP: #1476662).
- debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
containing symlinks and block bind mounts from relative paths
containing symlinks. Patch from upstream.
- CVE-2015-1335
-- Steve Beattie Tue, 22 Sep 2015 15:07:00 -0700
|
Source diff to previous version |
1476662 |
lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor |
CVE-2015-1335 |
directory traversal |
|
lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: Arbitrary file creation via unintentional symlink
following when accessing an LXC lock file (LP: #1470842)
- debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than
/run/lock/lxc, as /run and /run/lxc is only writable by root. Based on
patch from upstream.
- CVE-2015-1131
* SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via
lxc-attach using a potentially malicious container proc filesystem to
initialize confinement (LP: #1475050)
- debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem
to set up AppArmor profile and SELinux domain transitions during
lxc-attach. Based on patch from upstream.
- CVE-2015-1334
-- Tyler Hicks Fri, 17 Jul 2015 10:58:00 -0500
|
1470842 |
lxc tools lock handling vulnerable to symlink attack |
CVE-2015-1331 |
directory traversal |
CVE-2015-1131 |
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerabil |
CVE-2015-1334 |
processes intended to be run inside of confined LXC containers to escape their AppArmor or SELinux confinement |
|
About
-
Send Feedback to @ubuntu_updates