Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1481-1

Опубликовано: 31 мая 2019
Источник: suse-cvrf

Описание

Security update for lxc, lxcfs

This update for lxc, lxcfs to version 3.1.0 fixes the following issues:

Security issues fixed:

  • CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).
  • CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).

Non-security issues fixed:

Список пакетов

openSUSE Leap 42.3
liblxc-devel-3.1.0-24.1
liblxc1-3.1.0-24.1
lxc-3.1.0-24.1
lxc-bash-completion-3.1.0-24.1
lxcfs-3.0.3-2.1
lxcfs-hooks-lxc-3.0.3-2.1
pam_cgfs-3.1.0-24.1

Ссылки

Описание

lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.

Затронутые продукты
openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1
openSUSE Leap 42.3:liblxc1-3.1.0-24.1
openSUSE Leap 42.3:lxc-3.1.0-24.1
openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1
Ссылки

Описание

attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.

Затронутые продукты
openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1
openSUSE Leap 42.3:liblxc1-3.1.0-24.1
openSUSE Leap 42.3:lxc-3.1.0-24.1
openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1
Ссылки

Описание

lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

Затронутые продукты
openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1
openSUSE Leap 42.3:liblxc1-3.1.0-24.1
openSUSE Leap 42.3:lxc-3.1.0-24.1
openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1
Ссылки

Описание

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

Затронутые продукты
openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1
openSUSE Leap 42.3:liblxc1-3.1.0-24.1
openSUSE Leap 42.3:lxc-3.1.0-24.1
openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1
Ссылки

Описание

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

Затронутые продукты
openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1
openSUSE Leap 42.3:liblxc1-3.1.0-24.1
openSUSE Leap 42.3:lxc-3.1.0-24.1
openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1
Ссылки

Описание

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Затронутые продукты
openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1
openSUSE Leap 42.3:liblxc1-3.1.0-24.1
openSUSE Leap 42.3:lxc-3.1.0-24.1
openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1
Ссылки
Уязвимость openSUSE-SU-2019:1481-1