Advisories » MGASA-2026-0172

Updated lxc packages fix security vulnerability

Publication date: 04 Jun 2026
Modification date: 04 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-39402

Description

CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation
allows cross-tenant OVS port deletion
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35487
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LRWSIWUURCABTGG26SGDYX7OCPQ7FIS7/
• https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq
• https://www.cve.org/CVERecord?id=CVE-2026-39402

SRPMS

9/core

• lxc-5.0.3-1.1.mga9