GLSA Advocate
Posted: Sat Nov 11, 2017 5:26 pm Post subject: [ glsa 201711-09 ] lxc
Gentoo Linux Security Advisory
Title: LXC: Remote security bypass (GLSA 201711-09)
Severity: normal
Exploitable: remote
Date: 2017-11-11
Bug(s): #636386
ID: 201711-09
Synopsis
A vulnerability in LXC may lead to an unauthorized security bypass.
Background
LinuX Containers userspace utilities
Affected Packages
Package: app-emulation/lxc
Vulnerable: < 2.0.7
Unaffected: >= 2.0.7
Architectures: All supported architectures
Description
Previous versions of lxc-attach ran a shell or the specified command
without allocating a pseudo terminal, making it vulnerable to input faking
via a TIOCSTI ioctl call.
Impact
Remote attackers can escape the container and perform unauthorized
modifications.
Workaround
There is no known workaround at this time.
Resolution
All LXC users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/lxc-2.0.7"
References
CVE-2016-10124
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total
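The Description above turns on whether the attached command shares the caller's terminal. The following is an added example, not part of the advisory and not LXC's code: it runs a command on a freshly allocated pseudo terminal and shows that the child's terminal is a different device from the caller's. The names `same_terminal`, `run_on_fresh_pty` and `demo` are hypothetical, and the caller's terminal is simulated with a constructed pty so the check also runs without a real tty.

```python
import os
import subprocess
import sys

REPORT_TTY = [sys.executable, "-c", "import os; print(os.ttyname(0))"]

def same_terminal(fd_a, fd_b):
    """True when both descriptors refer to the same terminal device."""
    if not (os.isatty(fd_a) and os.isatty(fd_b)):
        return False
    return os.fstat(fd_a).st_rdev == os.fstat(fd_b).st_rdev

def run_on_fresh_pty(argv):
    """Run argv with stdio on a newly allocated pty; return (exit code, output)."""
    master, slave = os.openpty()
    # Python does not pass other descriptors to the child, so the child
    # holds no handle on the caller's terminal to issue ioctls against.
    proc = subprocess.Popen(argv, stdin=slave, stdout=slave, stderr=slave,
                            start_new_session=True, close_fds=True)
    os.close(slave)
    output = b""
    while True:
        try:
            chunk = os.read(master, 1024)
        except OSError:  # Linux reports EIO once the child side is closed
            chunk = b""
        if not chunk:
            break
        output += chunk
    os.close(master)
    return proc.wait(), output.decode().strip()

def demo():
    # Constructed stand-in for the terminal of the user running the attach.
    caller_master, caller_tty = os.openpty()
    inherited_stdin = os.dup(caller_tty)  # what a child gets when stdio is inherited
    try:
        exit_code, child_tty = run_on_fresh_pty(REPORT_TTY)
        return {
            "inherited_shares_caller_tty": same_terminal(inherited_stdin, caller_tty),
            "caller_tty": os.ttyname(caller_tty),
            "child_tty": child_tty,
            "exit_code": exit_code,
        }
    finally:
        for fd in (inherited_stdin, caller_tty, caller_master):
            os.close(fd)

if __name__ == "__main__":
    print(demo())
```

With inherited stdio the child's descriptor and the caller's terminal are the same device, which is the condition the advisory describes; on the fresh pty the child reports a different `/dev/pts` entry.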