Mageia Advisory: MGASA-2019-0087 - Updated lxc packages fix security vulnerability

Updated lxc packages fix security vulnerability

Publication date: 17 Feb 2019
Modification date: 16 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-5736

Description

LXC allows attackers to overwrite the host LXC binary (and consequently
obtain host root access) by leveraging the ability to execute a command as
root within one of these types of containers: a new container with an
attacker-controlled image, or an existing container, to which the attacker
previously had write access. This occurs because of file-descriptor
mishandling, related to /proc/self/exe. This attack is only possible with
privileged containers since it requires root privilege on the host to
overwrite the binary.

References

https://bugs.mageia.org/show_bug.cgi?id=24350
https://www.openwall.com/lists/oss-security/2019/02/11/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736

SRPMS

6/core

lxc-2.0.8-1.1.mga6

Advisories » MGASA-2019-0087

Updated lxc packages fix security vulnerability

Description

References

SRPMS

6/core