| Summary: | lxc new security issue CVE-2017-5985 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | herman.viaene, lewyssmith, marja11, sysadmin-bugs, thierry.vignaud |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5-32-OK advisory MGA5-64-OK | | |
| Source RPM: | lxc-1.0.8-1.mga5.src.rpm | CVE: | |
| Status comment: | | | |
| Bug Depends on: | | | |
| Bug Blocks: | 19835 | | |
Description
David Walser
2017-03-10 03:42:37 CET
David Walser
2017-03-10 03:44:20 CET
Whiteboard: (none) => MGA5TOO

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC'ing Thierry, who touched the package most often.

CC: (none) => marja11, thierry.vignaud

Ubuntu has issued an advisory for this on March 9:
https://www.ubuntu.com/usn/usn-3224-1/

Freeze push requested for 2.0.8 to fix this.

Whiteboard: MGA5TOO => (none)

Fixed upstream in 1.0.10, committed to Mageia 5 SVN.

It also fixes CVE-2016-10124:
https://linuxcontainers.org/lxc/news/

Advisory:
========================

Updated lxc packages fix security vulnerabilities:

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container (CVE-2016-8649).

Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issue to create virtual network interfaces in network namespaces that they do not own (CVE-2017-5985).

The lxc package has been updated to version 1.0.10 to fix these issues and other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5985
https://linuxcontainers.org/lxc/news/
https://www.ubuntu.com/usn/usn-3136-1/
https://www.ubuntu.com/usn/usn-3224-1/
https://bugs.mageia.org/show_bug.cgi?id=19835
https://bugs.mageia.org/show_bug.cgi?id=20439
========================

Updated packages in core/updates_testing:
========================
lxc-1.0.10-1.mga5
liblxc1-1.0.10-1.mga5
liblxc-devel-1.0.10-1.mga5

from lxc-1.0.10-1.mga5.src.rpm

Assignee: pkg-bugs => qa-bugs

MGA5-32 on Asus A6000VM Xfce

No installation issues

Used bug 12760 to find testing procedure. Although Claire thought this could be run as a non-root user in bug 17260 Comment 3, I got at the CLI:

    $ lxc-create -n lxcsshd -t sshd
    lxc_container: conf.c: chown_mapped_root: 3860 No mapping for container root
    lxc_container: lxccontainer.c: do_bdev_create: 838 Error chowning /home/tester5/.local/share/lxc/lxcsshd/rootfs to container root
    lxc_container: conf.c: suggest_default_idmap: 4912 Your system is not configured with subuids
    lxc_container: lxccontainer.c: lxcapi_create: 1307 Error creating backing store type (none) for lxcsshd
    lxc_container: lxc_create.c: main: 274 Error creating container lxcsshd

but as root

    # lxc-create -n lxcsshd -t sshd
    Generating public/private rsa key pair.
    Your identification has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_rsa_key.
    Your public key has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_rsa_key.pub.
    The key fingerprint is:

followed by key info, and further

    Generating public/private dsa key pair.
    Your identification has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_dsa_key.
    Your public key has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_dsa_key.pub.
    The key fingerprint is:

etc....

Seems OK.

Whiteboard: (none) => MGA5-32-OK
Lewis Smith
2017-06-09 21:11:36 CEST
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Testing M5 64-bit using https://bugs.mageia.org/show_bug.cgi?id=12760#c2

Before the update:
lxc-1.0.8-1.mga5
lib64lxc1-1.0.8-1.mga5

After the update:
lxc-1.0.10-1.mga5
lib64lxc1-1.0.10-1.mga5

    # lxc-create -n lxcsshd -t /usr/share/lxc/templates/lxc-sshd
    Container already exists     [left over from previous update test]
    # lxc-info -n lxcsshd
    Name:           lxcsshd
    State:          STOPPED
    # lxc-destroy -n lxcsshd
    # lxc-info -n lxcsshd
    lxcsshd doesn't exist
    ---------------------
    # lxc-create -n lxcsshd -t /usr/share/lxc/templates/lxc-sshd
    Generating public/private rsa key pair.
    Your identification has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_rsa_key.
    Your public key has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_rsa_key.pub.
    The key fingerprint is:
    3d:42:5a:0e:00:07:a0:4b:ab:61:4b:35:3c:89:75:89 root@localhost.localdomain
    The key's randomart image is:
    ...
    Generating public/private dsa key pair.
    Your identification has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_dsa_key.
    Your public key has been saved in /var/lib/lxc/lxcsshd/rootfs/etc/ssh/ssh_host_dsa_key.pub.
    The key fingerprint is:
    b8:27:22:2a:72:08:b7:d4:b4:3d:03:21:ac:f0:eb:8a root@localhost.localdomain
    The key's randomart image is:
    ...
    # lxc-info -n lxcsshd
    Name:           lxcsshd
    State:          STOPPED
    # lxc-destroy -n lxcsshd
    # lxc-info -n lxcsshd
    lxcsshd doesn't exist

It looks OK. Validating, already advisoried.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0167.html

Resolution: (none) => FIXED

(In reply to David Walser from comment #4)
> Fixed upstream in 1.0.10, committed to Mageia 5 SVN.
>
> It also fixes CVE-2016-10124:
> https://linuxcontainers.org/lxc/news/

which Ubuntu issued an advisory for on August 2:
https://usn.ubuntu.com/usn/usn-3375-1/