[pkg-lxc-devel] Bug#922169: lxc: rexec callers as memfd
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 12 20:51:58 GMT 2019
Source: lxc
Version: 1:3.1.0+really3.0.3-2
Severity: important
Tags: patch security upstream
Hi
LXC is similarly impacted as runC for the CVE-2019-5736 issue. Though,
as explained in the commit message of the upstream commit[1], "LXC is
also impacted in a similar manner by this vulnerability, however as
the LXC project considers privileged containers to be unsafe no CVE
has been assigned for this issue for LXC."
Ideally still to be adressed in time for buster.
Regards,
Salvatore
[1] https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
More information about the Pkg-lxc-devel
mailing list