Bug 556310 (CVE-2015-1331, CVE-2015-1334) - <app-emulation/lxc-1.0.8: Multiple vulnerabilities
Summary: <app-emulation/lxc-1.0.8: Multiple vulnerabilities
Alias: CVE-2015-1331, CVE-2015-1334
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Blocks: CVE-2015-1335
Reported: 2015-07-30 10:27 UTC by Agostino Sarubbo
Modified: 2017-02-22 10:55 UTC

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+
Description Agostino Sarubbo gentoo-dev 2015-07-30 10:27:03 UTC
From ${URL}:

Two security issues were found in LXC:

* Roman Fiedler discovered a directory traversal flaw that allows
  arbitrary file creation as the root user. A local attacker must set up
  a symlink at /run/lock/lxc/var/lib/lxc/<CONTAINER>, prior to an admin
  ever creating an LXC container on the system. If an admin then creates
  a container with a name matching <CONTAINER>, the symlink will be
  followed and LXC will create an empty file at the symlink's target as
  the root user.
  - CVE-2015-1331
  - Affects LXC 1.0.0 and higher
  - (master)
  - (stable-1.1)
  - (stable-1.0)

* Roman Fiedler discovered a flaw that allows processes intended to be
  run inside of confined LXC containers to escape their AppArmor or
  SELinux confinement. A malicious container can create a fake proc
  filesystem, possibly by mounting tmpfs on top of the container's
  /proc, and wait for an lxc-attach to be run from the host environment.
  lxc-attach incorrectly trusts the container's
  /proc/PID/attr/{current,exec} files to set up the AppArmor profile and
  SELinux domain transitions which may result in no confinement being
  - CVE-2015-1334
  - Affects LXC 0.9.0 and higher
  - (master)
  - (stable-1.1)
  - (stable-1.0)

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
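The first issue above (CVE-2015-1331) is the classic "privileged process creates a file through a path an unprivileged user pre-populated with a symlink" bug. The following Python example, added here and not taken from LXC or from this bug, shows the vulnerable open(O_CREAT) pattern beside a hardened variant that walks the untrusted part of the path with openat() and O_NOFOLLOW and creates the final entry with O_EXCL. The lock root (`trusted_dir`), the relative path `var/lib/lxc/<name>` and the attacker-chosen target are all constructed for the demo.

```python
import os
import shutil
import tempfile

# Constructed demonstration of the CVE-2015-1331 bug class. The helper names,
# the lock root and the planted paths are assumptions for this example only.


def create_lock_following_symlinks(trusted_dir: str, rel_path: str) -> str:
    """Vulnerable pattern: a plain O_CREAT open follows a planted symlink and
    creates an empty file wherever the symlink points. Returns the resolved
    location of whatever was actually created."""
    path = os.path.join(trusted_dir, rel_path)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)
    os.close(fd)
    return os.path.realpath(path)


def create_lock_nofollow(trusted_dir: str, rel_path: str) -> str:
    """Hardened pattern: only `trusted_dir` (a root-owned directory such as a
    lock root) is opened by name; every component below it is opened relative
    to the previous directory fd with O_NOFOLLOW, so a symlink anywhere in
    the untrusted part of the path fails with ELOOP. The final entry is
    created with O_EXCL so an existing entry (symlink or not) is never reused."""
    parts = [p for p in rel_path.split(os.sep) if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise ValueError("relative path must be non-empty and contain no . or ..")
    fd = os.open(trusted_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for part in parts[:-1]:
            nfd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nfd
        lfd = os.open(parts[-1], os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                      0o600, dir_fd=fd)
        os.close(lfd)
    finally:
        os.close(fd)
    return os.path.join(trusted_dir, *parts)


def demo() -> dict:
    """Plant symlinks the way the advisory describes, then run both creators."""
    base = tempfile.mkdtemp()            # stands in for the root-owned lock root
    try:
        os.makedirs(os.path.join(base, "var", "lib", "lxc"))
        target = os.path.join(base, "attacker-chosen-target")
        # Symlink at <lockroot>/var/lib/lxc/<CONTAINER> -> attacker-chosen target.
        os.symlink(target, os.path.join(base, "var", "lib", "lxc", "mycontainer"))
        # Symlink replacing an intermediate directory component.
        os.mkdir(os.path.join(base, "elsewhere"))
        os.symlink(os.path.join(base, "elsewhere"), os.path.join(base, "var", "lib", "lxc2"))

        result = {}
        created = create_lock_following_symlinks(base, "var/lib/lxc/mycontainer")
        result["vulnerable_created_target"] = (
            created == os.path.realpath(target) and os.path.exists(target))
        os.unlink(target)

        try:
            create_lock_nofollow(base, "var/lib/lxc/mycontainer")
            result["hardened_refused_final_symlink"] = False
        except OSError:
            result["hardened_refused_final_symlink"] = not os.path.exists(target)

        try:
            create_lock_nofollow(base, "var/lib/lxc2/c2")
            result["hardened_refused_dir_symlink"] = False
        except OSError:
            result["hardened_refused_dir_symlink"] = not os.path.exists(
                os.path.join(base, "elsewhere", "c2"))

        # A path with no planted symlink is still created normally.
        result["hardened_clean_ok"] = os.path.isfile(
            create_lock_nofollow(base, "var/lib/lxc/other"))
        return result
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

The per-component openat() walk matters because a check-then-open sequence (lstat each component, then open the full path) can be raced by replacing a component between the check and the open; opening relative to a directory fd you already hold removes that window.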
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-22 16:29:34 UTC
Fix for 1.0-stable:
$ git tag --contains 15ec0fd9d490dd5c8a153401360233c6ee947c24

@ Arches,

please test and mark stable: =app-emulation/lxc-1.0.8
Comment 2 Agostino Sarubbo gentoo-dev 2016-11-25 18:29:18 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-11-25 18:56:07 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-01-18 10:04:26 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2017-01-24 08:51:07 UTC
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-30 00:48:55 UTC
GLSA Vote: No
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2017-02-22 10:50:20 UTC
tree is clean