[pkg-lxc-devel] Bug#922169: lxc: rexec callers as memfd

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 20:51:58 GMT 2019


Source: lxc
Version: 1:3.1.0+really3.0.3-2
Severity: important
Tags: patch security upstream

Hi

LXC is similarly impacted as runC for the CVE-2019-5736 issue. Though,
as explained in the commit message of the upstream commit[1], "LXC is
also impacted in a similar manner by this vulnerability, however as
the LXC project considers privileged containers to be unsafe no CVE
has been assigned for this issue for LXC."

Ideally still to be adressed in time for buster.

Regards,
Salvatore

 [1] https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d



More information about the Pkg-lxc-devel mailing list