-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2905
                            lxc security update
                             23 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           lxc
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Linux variants
Impact/Access:     Unauthorised Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1335  

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3400

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running lxc check for an updated version of the software for their 
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3400-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 19, 2015                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : lxc
CVE ID         : CVE-2015-1335
Debian Bug     : 800471

Roman Fiedler discovered a directory traversal flaw in LXC, the Linux
Containers userspace tools. A local attacker with access to an LXC
container could exploit this flaw to run programs inside the container
that are not confined by AppArmor or expose unintended files in the host
to the container.

For the stable distribution (jessie), this problem has been fixed in
version 1:1.0.6-6+deb8u2.

We recommend that you upgrade your lxc packages.
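
To check hosts against the fixed version named above, the following added example (not part of the Debian or AusCERT text) implements Debian's package version ordering in Python and flags lxc versions older than 1:1.0.6-6+deb8u2. The host names and the inventory are constructed, and the comparison is only meaningful for jessie packages.

```python
import re
from itertools import zip_longest

FIXED = "1:1.0.6-6+deb8u2"  # fixed jessie version given in DSA-3400-1

def _order(ch):
    # dpkg ordering: '~' sorts before everything (even end of string),
    # letters sort before other symbols; "" stands for end of string.
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating non-digit/digit runs."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]'; missing epoch and revision count as 0."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_upgrade(inventory):
    """Hosts whose lxc version sorts before the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, FIXED) < 0)

# Constructed inventory (host -> installed lxc version), for illustration only.
INVENTORY = {"web01": "1:1.0.6-6+deb8u1", "web02": "1:1.0.6-6+deb8u2",
             "db01": "1:1.0.6-6", "ci01": "1:1.0.6-6+deb8u2~test1", "lab01": "1.0.8-1"}
```

The last two entries show why a plain string or numeric comparison is not enough: a `~` suffix sorts before the fixed version, and a version without the `1:` epoch sorts before any version that has it.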

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----