Advisories ยป MGASA-2017-0167

Updated lxc packages fix security vulnerabilities

Publication date: 12 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8649 , CVE-2017-5985


Roman Fiedler discovered a directory traversal flaw in lxc-attach. An
attacker with access to an LXC container could exploit this flaw to
access files outside of the container (CVE-2016-8649).

Jann Horn discovered that LXC incorrectly verified permissions when
creating virtual network interfaces. A local attacker could possibly use
this issue to create virtual network interfaces in network namespaces
that they do not own (CVE-2017-5985).

The lxc package has been updated to version 1.0.10 to fix these issues
and other bugs.