Wednesday, August 2, 2017

[USN-3375-1] LXC vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJZgc2FAAoJEGVp2FWnRL6ToFAQAJgn7vMy2pPnOMyPBV88YS9v
kDqOXeB3iTi9y0NrMAkzAFRXaL02spqS2NH2uYcJU2MBNkHoEtDycjlzRthYUYKg
I1aywLxWW6PLqrK4p3tGeQdUqpBQD1NAm4NROpooOmddBHSEY9kxFV8SJWd41nSA
e77iUZDiLWB7vBN/RyskbKjtnP3INL81McvbIdEsuBeKaB/mq+Ij9LZBMHvzjCgH
XJUkiyReIkn75/lMMTVVAPQCrhdIaPxjdeADk2xt0fZLt1Blt6bA+friXUeOgkMJ
vIlMoCYylhO79oyA9WaRMV5IHzboXSaIs8E2hCShHxHZ9aVnXBYL8oQkGNtgd+2k
rLq04thoAB5gPZfK9tLdVFVGwDiep9Kp8oM1ZRXO6smU6a4SNaYH/q/a2EYaZEjX
yaAAZel1vJKin9eJ1E26R3mEJVg2Bu07BW95aai9neekYMrbkpacjR+UooV1PUwp
B8IeIGADIzdgOaDlbbF0WFki2k18/fondCLgQ2VWhNtCPdoO109648njlAxjwQDF
LGVJbBeZHSxaGmkrebcN10gVse8OZFamB3KzGursxmhW9w8n4NGb+xkEdv+Iapij
HD3m0343389ShyNgYnuN5t4bAIiz9qQZGhmNDI9pPP1BuLtCIWirDA6QYq+QZmkk
h1fuH/26LvWbPRGf6dPm
=UQMj
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3375-1
August 02, 2017

lxc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

LXC would allow unintended access.

Software Description:
- lxc: Linux Containers userspace tools

Details:

It was discovered that LXC incorrectly handled the TIOCSTI ioctl. An
attacker could possibly use this issue to escape LXC containers.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
lxc 1.0.10-0ubuntu1.1

After a standard system update you need to restart LXC containers to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3375-1
CVE-2016-10124

Package Information:
https://launchpad.net/ubuntu/+source/lxc/1.0.10-0ubuntu1.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)