[pkg-lxc-devel] Bug#857295: lxc: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 9 17:57:25 UTC 2017
Source: lxc
Version: 1:1.0.6-6
Severity: grave
Tags: patch upstream security
Justification: user security hole
Hi,
the following vulnerability was published for lxc, filing it with RC
severity, should possibly be fixed in stretch before the release,
although we do not enable user namespaces by default.
CVE-2017-5985[0]:
lxc-user-nic didn't verify network namespace ownership
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5985
[1] https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
[2] https://launchpad.net/bugs/1654676
[3] https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
Regards,
Salvatore