openSUSE-SU-2016:3179-1

Опубликовано: 16 дек. 2016

Источник: suse-cvrf

Описание

Security update for lxc

This update for lxc fixes the following issue:

CVE-2016-8649: guest escape via ptrace of lxc-attach (boo#1010933).

Список пакетов

openSUSE Leap 42.1

lxc-1.1.2-10.1

lxc-devel-1.1.2-10.1

openSUSE Leap 42.2

lxc-1.1.2-10.1

lxc-devel-1.1.2-10.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00069.html
E-Mail link for openSUSE-SU-2016:3179-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

Затронутые продукты

openSUSE Leap 42.1:lxc-1.1.2-10.1

openSUSE Leap 42.1:lxc-devel-1.1.2-10.1

openSUSE Leap 42.2:lxc-1.1.2-10.1

openSUSE Leap 42.2:lxc-devel-1.1.2-10.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-8649.html
CVE-2016-8649
https://bugzilla.suse.com/1010933
SUSE Bug 1010933

openSUSE-SU-2016:3179-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-8649

Описание

Затронутые продукты

Ссылки