Advisories ยป MGASA-2016-0163

Updated ansible packages fix CVE-2016-3096

Publication date: 05 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3096


Updated ansible package fixes security vulnerability:

A vulnerability in lxc_container, ansible module, was found allowing to get
root inside the container. The problem is in the create_script function, which
tries to write to /opt/.lxc-attach-script inside of the container. If the
attacker can write to /opt/.lxc-attach-script before that, he can overwrite
arbitrary files or execute commands as root (CVE-2016-3096).