Bug 19835 - lxc new security issue CVE-2016-8649
Summary: lxc new security issue CVE-2016-8649
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thierry Vignaud
QA Contact: Sec team
URL: https://lwn.net/Vulnerabilities/707364/
Whiteboard:
Keywords:
Depends on: 20439
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-24 13:31 CET by David Walser
Modified: 2017-06-12 11:40 CEST (History)
1 user (show)

See Also:
Source RPM: lxc-2.0.0-5.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2016-11-24 13:31:22 CET
A security issue fixed upstream in LXC has been announced:
http://openwall.com/lists/oss-security/2016/11/23/6

The upstream commit that fixed the issue is linked in the message above, and patches for 1.0 and 2.0 are attached to the launchpad bug linked there.

Additionally, it will be fixed in versions 1.0.9 and 2.0.6.

There may be a kernel patch necessary as well, but I'm not sure if we need it since we don't use SELinux/AppArmor.
David Walser 2016-11-24 13:31:37 CET

CC: (none) => kernel
Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2016-11-25 19:57:45 CET
Ubuntu has issued an advisory for this on November 23:
http://www.ubuntu.com/usn/usn-3136-1

URL: (none) => https://lwn.net/Vulnerabilities/707364/

David Walser 2017-06-04 19:54:38 CEST

Depends on: (none) => 20439

Comment 2 David Walser 2017-06-04 19:55:19 CEST
Fixed in lxc-2.0.0-6.mga6.

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 David Walser 2017-06-12 11:40:00 CEST
Fixed:
http://advisories.mageia.org/MGASA-2017-0167.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.