Updated lxc package fixes security vulnerabilityPublication date: 07 Aug 2015
Affected Mageia releases : 5
CVE: CVE-2015-1331 , CVE-2015-1334
Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user (CVE-2015-1331). Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux (CVE-2015-1334).