USN-2809-1: LXD vulnerability

Publication date

12 November 2015

Overview

LXD could be made to run programs as an administrator.

Releases


Packages

  • lxd - Container hypervisor based on LXC

Details

Jeroen Simonetti discovered that LXD incorrectly set socket permissions. A
local attacker could use this issue to escalate privileges.

Jeroen Simonetti discovered that LXD incorrectly set socket permissions. A
local attacker could use this issue to escalate privileges.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
15.10 wily lxd –  0.20-0ubuntu4.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›