Updated lxc package fixes security vulnerability
Publication date: 07 Aug 2015Type: security
Affected Mageia releases : 5
CVE: CVE-2015-1331 , CVE-2015-1334
Description
Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user (CVE-2015-1331). Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux (CVE-2015-1334).
References
SRPMS
5/core
- lxc-1.0.5-3.1.mga5