UbuntuUpdates.org

Package "lxc"

Name: lxc

Description:

Linux Containers userspace tools

Latest version: 1.0.10-0ubuntu1.1
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://linuxcontainers.org

Other versions of "lxc" in Trusty

Repository               Area   Version
base                     main   1.0.3-0ubuntu3
updates                  main   1.0.10-0ubuntu1.1
backports                main   2.0.8-0ubuntu1~14.04.1
PPA: Ubuntu SDK Release         2.0.5-0ubuntu3~ubuntu14.04.1~ppa1
PPA: Lxd                        2.1.1-0ubuntu1~ubuntu14.04.1~ppa1

Changelog

Version: 1.0.7-0ubuntu0.5 2015-09-29 17:07:11 UTC

  lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary host file access and AppArmor
    confinement breakout via lxc-start following symlinks while
    setting up mounts within a malicious container (LP: #1476662).
    - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
      containing symlinks and block bind mounts from relative paths
      containing symlinks. Patch from upstream.
    - CVE-2015-1335

 -- Steve Beattie Tue, 22 Sep 2015 15:07:00 -0700

1476662 lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
CVE-2015-1335 directory traversal

Version: 1.0.7-0ubuntu0.2 2015-07-22 15:07:15 UTC

  lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file creation via unintentional symlink
    following when accessing an LXC lock file (LP: #1470842)
    - debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than
      /run/lock/lxc, as /run and /run/lxc is only writable by root. Based on
      patch from upstream.
    - CVE-2015-1131
  * SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via
    lxc-attach using a potentially malicious container proc filesystem to
    initialize confinement (LP: #1475050)
    - debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem
      to set up AppArmor profile and SELinux domain transitions during
      lxc-attach. Based on patch from upstream.
    - CVE-2015-1334

 -- Tyler Hicks Fri, 17 Jul 2015 10:58:00 -0500

1470842 lxc tools lock handling vulnerable to symlink attack
CVE-2015-1331 directory traversal
CVE-2015-1131 fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerabil
CVE-2015-1334 processes intended to be run inside of confined LXC containers to escape their AppArmor or SELinux confinement
