** Changed in: lxc (Ubuntu Precise)
   Importance: Undecided => High

** Description changed:

  ==============================
  SRU Justification:
  Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
  Stable fix: will be same as development fix
  Development fix: Change all sprintf calls to snprintf, and check all snprintf return values
- which can possibly overrun
+ which can possibly overrun
  Test case: call lxc-info with a 300 character container name?
  Regression potential: If this code is not converted correctly, regular container
- usage can be broken. The lxc testsuite is being run to make sure there are no
- regressions with regular container creation and startup.
+ usage can be broken. The lxc testsuite was run to make sure there are no
+ regressions with regular container creation and startup. (see
+ lp:~serge-hallyn/+junk/lxc-test)
  ==============================

  Some code in liblxc calls sprintf, or doesn't check return values of
  snprintf. Find and fix those.

-- 
https://bugs.launchpad.net/bugs/988918

Title:
  buffer overflows possible in liblxc
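
The fix pattern named in the SRU justification (snprintf with a checked return value), shown as an added example; it is not code from liblxc or from this bug report. The helper names, the 256-byte buffer and the /srv/containers base path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256  /* assumed buffer size, for illustration only */

/* Hypothetical helper (not liblxc code): write "<base>/<name>/config"
 * into buf. Returns 0 on success, -1 if snprintf failed or the result
 * would not fit in len bytes. */
static int build_config_path(char *buf, size_t len,
                             const char *base, const char *name)
{
    int ret = snprintf(buf, len, "%s/%s/config", base, name);

    /* ret < 0: output error.
     * ret >= len: output was truncated; ret is the length the full
     * string would have had, not the number of bytes written. */
    if (ret < 0 || (size_t)ret >= len) {
        if (len > 0)
            buf[0] = '\0';  /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Constructed input: a container name made of n 'a' characters. */
static int try_name_of_length(size_t n)
{
    char name[512];
    char path[PATH_BUF];

    if (n >= sizeof(name))
        return -1;
    memset(name, 'a', n);
    name[n] = '\0';
    /* "/srv/containers" is a constructed base path. */
    return build_config_path(path, sizeof(path), "/srv/containers", name);
}

int main(void)
{
    printf("10-char name:  %d\n", try_name_of_length(10));
    /* The 300-character name from the test case is rejected, not copied. */
    printf("300-char name: %d\n", try_name_of_length(300));
    return 0;
}
```

With sprintf in place of snprintf the 300-character name would be written past the end of the 256-byte buffer; with an unchecked snprintf the caller would carry on with a silently truncated path.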