GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Aug 22, 2018 10:26 pm Post subject: [ GLSA 201808-02 ] LinuX Containers user space utilities |
|
|
Gentoo Linux Security Advisory
Title: LinuX Containers user space utilities: Arbitrary file read (GLSA 201808-02)
Severity: low
Exploitable: local
Date: 2018-08-22
Bug(s): #662780
ID: 201808-02
Synopsis
A vulnerability has been found in LXC which may allow for arbitrary
file access (read-only).
Background
LinuX Containers user space utilities.
Affected Packages
Package: app-emulation/lxc
Vulnerable: < 2.1.1-r1
Unaffected: >= 2.1.1-r1
Architectures: All supported architectures
Description
lxc-user-nic when asked to delete a network interface will
unconditionally open a user provided path. This code path may be used by
an unprivileged user to check for the existence of a path which they
wouldn’t otherwise be able to reach.
Impact
A local unprivileged user could use this flaw to access arbitrary files,
including special device files.
Workaround
There is no known workaround at this time.
Resolution
All LXC users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/lxc-2.1.1-r1"
|
References
CVE-2018-6556
Last edited by GLSA on Thu Oct 18, 2018 4:17 am; edited 1 time in total |
|