=========================================================================Ubuntu Security Notice USN-2451-1
January 06, 2015

cgmanager vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS

Summary:

cgmanager could be made to expose sensitive information or devices to
containers running on the system.

Software Description:
- cgmanager: Central cgroup manager daemon

Details:

Serge Hallyn discovered that cgmanager did not consistently enforce
proper nesting when modifying cgroup properties. A local attacker in a
privileged container could use this to set cgroup values for all cgroups.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  cgmanager                       0.32-4ubuntu1.1

Ubuntu 14.04 LTS:
  cgmanager                       0.24-0ubuntu7.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2451-1
  CVE-2014-1425

Package Information:
  https://launchpad.net/ubuntu/+source/cgmanager/0.32-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/cgmanager/0.24-0ubuntu7.1

Ubuntu 2451-1: cgmanager vulnerability

January 6, 2015
cgmanager could be made to expose sensitive information or devices tocontainers running on the system.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: cgmanager 0.32-4ubuntu1.1 Ubuntu 14.04 LTS: cgmanager 0.24-0ubuntu7.1 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2451-1

CVE-2014-1425

Severity
January 06, 2015

Package Information

https://launchpad.net/ubuntu/+source/cgmanager/0.32-4ubuntu1.1 https://launchpad.net/ubuntu/+source/cgmanager/0.24-0ubuntu7.1

Related News