[ubuntu/vivid-updates] lxc 1.1.2-0ubuntu3.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Sep 29 16:28:13 UTC 2015
lxc (1.1.2-0ubuntu3.2) vivid-security; urgency=medium
* SECURITY UPDATE: Arbitrary host file access and AppArmor
confinement breakout via lxc-start following symlinks while
setting up mounts within a malicious container (LP: #1476662).
- debian/patches/0010-CVE-2015-1335.patch: block mounts to paths
containing symlinks and block bind mounts from relative paths
containing symlinks. Patch from upstream.
- CVE-2015-1335
Date: 2015-09-22 23:44:13.933101+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/lxc/1.1.2-0ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Vivid-changes
mailing list