[pkg-lxc-devel] Bug#857295: lxc: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 9 18:07:21 UTC 2017
Hi,
On Thu, Mar 09, 2017 at 06:57:25PM +0100, Salvatore Bonaccorso wrote:
> Source: lxc
> Version: 1:1.0.6-6
> Severity: grave
> Tags: patch upstream security
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for lxc, filling it with RC
> severity, should possibly be fixed in stretch before the release,
> although we do not enable user namespaces by default.
FTR, for jessie I think this can go with the next point release, and
does not necessarly need a DSA.
Regards,
Salvatore
More information about the Pkg-lxc-devel
mailing list