Advisories ยป MGASA-2015-0304

Updated lxc package fixes security vulnerability

Publication date: 07 Aug 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-1331 , CVE-2015-1334

Description

Roman Fiedler discovered that LXC had a directory traversal flaw when
creating lock files. A local attacker could exploit this flaw to create an
arbitrary file as the root user (CVE-2015-1331).

Roman Fiedler discovered that LXC incorrectly trusted the container's proc
filesystem to set up AppArmor profile changes and SELinux domain
transitions. A local attacker could exploit this flaw to run programs
inside the container that are not confined by AppArmor or SELinux
(CVE-2015-1334).
                

References

SRPMS

5/core