USN-3136-1: LXC vulnerability

Publication date

23 November 2016

Overview

LXC could be made to allow containers to access to the host filesystem.


Packages

  • lxc - Linux Containers userspace tools

Details

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An
attacker with access to an LXC container could exploit this flaw to access
files outside of the container.

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An
attacker with access to an LXC container could exploit this flaw to access
files outside of the container.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
16.10 yakkety liblxc1 –  2.0.5-0ubuntu1.2
lxc1 –  2.0.5-0ubuntu1.2
16.04 xenial liblxc1 –  2.0.5-0ubuntu1~ubuntu16.04.3
lxc1 –  2.0.5-0ubuntu1~ubuntu16.04.3
14.04 trusty liblxc1 –  1.0.8-0ubuntu0.4
lxc –  1.0.8-0ubuntu0.4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›