[ubuntu/trusty-security] lxc 1.0.7-0ubuntu0.5 (Accepted)

Tyler Hicks tyhicks at canonical.com
Tue Sep 29 15:41:14 UTC 2015


lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary host file access and AppArmor
    confinement breakout via lxc-start following symlinks while
    setting up mounts within a malicious container (LP: #1476662).
    - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
      containing symlinks and block bind mounts from relative paths
      containing symlinks. Patch from upstream.
    - CVE-2015-1335

Date: 2015-09-26 16:23:13.852162+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Signed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/lxc/1.0.7-0ubuntu0.5
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list