Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-18641

Опубликовано: 10 фев. 2020
Источник: debian

Описание

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
lxc-templatesunfixedpackage
lxcfixed1:3.0.3-1package
lxcno-dsastretchpackage
lxcignoredjessiepackage

Примечания

  • LXC 3.0.2 split the templates out to separate lxc-templates.

  • https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447

  • Some of the templates were switched to fetch the pacakges over HTTPS, cf.

  • https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.

  • No security commitments from upstream and lxc-ltemplates deprecated in favour of

  • distrobuilder.

Связанные уязвимости

ubuntu логотип

CVE-2017-18641

CVSS3: 8.1
ubuntu
почти 6 лет назад

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

nvd логотип

CVE-2017-18641

CVSS3: 8.1
nvd
почти 6 лет назад

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

github логотип

GHSA-rv6g-hrqv-7f3p

github
больше 3 лет назад

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.