MGASA-2019-0087

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0087.html

Import Source

https://advisories.mageia.org/MGASA-2019-0087.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0087

Related

CVE-2019-5736

Published

2019-02-17T00:31:02Z

Modified

2019-02-16T23:59:06Z

Summary

Updated lxc packages fix security vulnerability

Details

LXC allows attackers to overwrite the host LXC binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: a new container with an attacker-controlled image, or an existing container, to which the attacker previously had write access. This occurs because of file-descriptor mishandling, related to /proc/self/exe. This attack is only possible with privileged containers since it requires root privilege on the host to overwrite the binary.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / lxc

Package

Name: lxc
Purl: pkg:rpm/mageia/lxc?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.8-1.1.mga6

Ecosystem specific

{
    "section": "core"
}