Package : lxc Version : 0.7.2-1+deb6u1 CVE ID : CVE-2013-6441 CVE-2015-1335 Debian Bug : #800471
Brief introduction CVE-2013-6441 The template script lxc-sshd used to mount itself as /sbin/init in the container using a writable bind-mount. This update resolved the above issue by using a read-only bind-mount instead preventing any form of potentially accidental damage. CVE-2015-1335 On container startup, lxc sets up the container's initial file system tree by doing a bunch of mounting, guided by the container's configuration file. The container config is owned by the admin or user on the host, so we do not try to guard against bad entries. However, since the mount target is in the container, it's possible that the container admin could divert the mount with symbolic links. This could bypass proper container startup (i.e. confinement of a root-owned container by the restrictive apparmor policy, by diverting the required write to /proc/self/attr/current), or bypass the (path-based) apparmor policy by diverting, say, /proc to /mnt in the container. This update implements a safe_mount() function that prevents lxc from doing mounts onto symbolic links. -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net
signature.asc
Description: Digital signature