Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Ubuntu: USN-3136-1 Critical: LXC Directory Traversal Risk

Calendar Nov 23, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical directory traversal system update ubuntu lxc
LXC could be made to allow containers to access to the host filesystem. 
=========================================================================Ubuntu Security Notice USN-3136-1
November 23, 2016

lxc vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LXC could be made to allow containers to access to the host filesystem.

Software Description:
- lxc: Linux Containers userspace tools

Details:

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An
attacker with access to an LXC container could exploit this flaw to access
files outside of the container.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  liblxc1                         2.0.5-0ubuntu1.2
  lxc1                            2.0.5-0ubuntu1.2

Ubuntu 16.04 LTS:
  liblxc1                         2.0.5-0ubuntu1~ubuntu16.04.3
  lxc1                            2.0.5-0ubuntu1~ubuntu16.04.3

Ubuntu 14.04 LTS:
  liblxc1                         1.0.8-0ubuntu0.4
  lxc                             1.0.8-0ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3136-1
  CVE-2016-8649

Package Information:
  https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1~ubuntu16.04.3
  https://launchpad.net/ubuntu/+source/lxc/1.0.8-0ubuntu0.4

Ubuntu: USN-3136-1 Critical: LXC Directory Traversal Risk

ubuntu
Calendar Grey November 23, 2016
Dist Ubuntu Esm H88
LXC flaw permits container access to host's file system. Ensure to update your Ubuntu system to fix this security vulnerability.
LXC could be made to allow containers to access to the host filesystem.

Summary

Topics%20covered

Topics Covered

security advisory critical directory traversal system update ubuntu lxc

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: liblxc1 2.0.5-0ubuntu1.2 lxc1 2.0.5-0ubuntu1.2 Ubuntu 16.04 LTS: liblxc1 2.0.5-0ubuntu1~ubuntu16.04.3 lxc1 2.0.5-0ubuntu1~ubuntu16.04.3 Ubuntu 14.04 LTS: liblxc1 1.0.8-0ubuntu0.4 lxc 1.0.8-0ubuntu0.4 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3136-1

CVE-2016-8649

Severity
critical
Lowest
Low
Medium
High
Critical

November 23, 2016

Topics%20covered

Topics Covered

security advisory critical directory traversal system update ubuntu lxc

Package Information

https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1.2 https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1~ubuntu16.04.3 https://launchpad.net/ubuntu/+source/lxc/1.0.8-0ubuntu0.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here