DSA-3317-1 lxc -- lxcID: oval:org.secpod.oval:def:602178 | Date: (C)2015-08-25 (M)2022-09-22 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-1331 Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. CVE-2015-1334 Roman Fiedler discovered that LXC incorrectly trusted the container"s proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A malicious container could create a fake proc filesystem and use this flaw to run programs inside the container that are not confined by AppArmor or SELinux.