[pkg-lxc-devel] Bug#845465: lxc: CVE-2016-8649: attach: do not send procfd to attached process
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 23 18:06:45 UTC 2016
Source: lxc
Version: 1:2.0.5-3
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for lxc.

CVE-2016-8649[0]:
lxc-attach to malicious container allows access to host

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8649
[1] https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c
[2] https://launchpad.net/bugs/1639345
[3] http://www.openwall.com/lists/oss-security/2016/11/23/6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore