Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 616
Alerts This Week
Warning Icon 1 616

openSUSE: 2019:1227-1 Important: lxc and lxcfs Security Issues

opensuse
Calendar Grey April 17, 2019
Dist Opensuse Esm H88
Vital openSUSE patch tackles lxc and lxcfs vulnerabilities, implementing essential corrections and improvements for bolstered security measures.
An update that solves two vulnerabilities and has one errata is now available.

Description

This update for lxc, lxcfs to version 3.1.0 fixes the following issues:

Security issues fixed:

- CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).

- CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).

Non-security issues fixed:

- Update to LXC 3.1.0. The changelog is far too long to include here,

please look at https://linuxcontainers.org/. (boo#1131762)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1227=1

Package List

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

liblxc-devel-3.1.0-bp150.5.3.1

liblxc1-3.1.0-bp150.5.3.1

lxc-3.1.0-bp150.5.3.1

lxcfs-3.0.3-bp150.3.3.1

lxcfs-debuginfo-3.0.3-bp150.3.3.1

lxcfs-debugsource-3.0.3-bp150.3.3.1

pam_cgfs-3.1.0-bp150.5.3.1

- openSUSE Backports SLE-15 (noarch):

lxc-bash-completion-3.1.0-bp150.5.3.1

lxcfs-hooks-lxc-3.0.3-bp150.3.3.1

References

https://www.suse.com/security/cve/CVE-2018-6556.html

https://www.suse.com/security/cve/CVE-2019-5736.html

https://bugzilla.suse.com/1122185

https://bugzilla.suse.com/1131762

https://bugzilla.suse.com/988348

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1227-1
Rating: important
Affected Products: openSUSE Backports SLE-15 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.