Bugzilla – Bug 938522
VUL-0: CVE-2015-1331: lxc: directory traversal flaw allowing arbitrary file creation as the root user
Last modified: 2017-11-15 15:01:47 UTC
Checked the code: 1.0 is the first version containing vulnerable code. This means that SLE is not affected. openSUSE 13.2 (with 1.0.6) and Tumbleweed are the only affected products. As this issue is under embargo, do not use patches in OBS before this bug is updated to indicate that the embargo is lifted. The security team will assign the bug to the community maintainer at that point.
public at http://seclists.org/oss-sec/2015/q3/165

* Roman Fiedler discovered a directory traversal flaw that allows arbitrary file creation as the root user. A local attacker must set up a symlink at /run/lock/lxc/var/lib/lxc/<CONTAINER>, prior to an admin ever creating an LXC container on the system. If an admin then creates a container with a name matching <CONTAINER>, the symlink will be followed and LXC will create an empty file at the symlink's target as the root user.
  - CVE-2015-1331
  - Affects LXC 1.0.0 and higher
  - https://launchpad.net/bugs/1470842
  - https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6 (master)
  - https://github.com/lxc/lxc/commit/61ecf69d7834921cc078e14d1b36c459ad8f91c7 (stable-1.1)
  - https://github.com/lxc/lxc/commit/f547349ea7ef3a6eae6965a95cb5986cd921bd99 (stable-1.0)

affects LXC 1.0.0 and higher, please submit for openSUSE 13.2
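The flaw described above is a symlink-following bug on a privileged file creation: an empty file is created at a path a local user can pre-seed with a symlink, so the kernel follows the link and the file lands wherever the link points. As an added example (not code from lxc and not the fix in the commits linked above), the C program below shows the generic mitigation: open the lock file with O_NOFOLLOW so a link at the final path component is refused with ELOOP, then verify with fstat that the opened object is a regular file. It exercises the function against a planted dangling symlink in a scratch directory. The function names safe_create_lockfile, demo_symlink_is_refused and demo_plain_path_succeeds, and the /tmp/lockdemo.XXXXXX scratch path, are assumptions made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not lxc's code. Create or open a lock file while
 * refusing to follow a symlink already sitting at `path`. O_NOFOLLOW
 * makes open() fail with ELOOP when the final component is a symlink,
 * so nothing is created at the link's target. Returns an open fd on
 * success, -1 with errno set on failure. */
int safe_create_lockfile(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_CLOEXEC | O_NOFOLLOW,
                  S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;

    /* Check the object actually opened, not the path: only accept a
     * regular file, so a planted FIFO or device node is rejected too. */
    struct stat st;
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed scenario: plant a dangling symlink where the lock file
 * would be created, then confirm (a) the open is refused with ELOOP
 * and (b) nothing appeared at the link's target. Returns 1 if both
 * hold, 0 otherwise. Scratch directory name is a hypothetical. */
int demo_symlink_is_refused(void)
{
    char dir[] = "/tmp/lockdemo.XXXXXX";
    if (!mkdtemp(dir))
        return 0;
    char lock[PATH_MAX], target[PATH_MAX];
    snprintf(lock, sizeof lock, "%s/container.lock", dir);
    snprintf(target, sizeof target, "%s/planted_target", dir);

    int ok = 0;
    if (symlink(target, lock) == 0) {
        int fd = safe_create_lockfile(lock);
        int err = errno;
        struct stat st;
        int target_exists = (stat(target, &st) == 0);
        ok = (fd < 0 && err == ELOOP && !target_exists);
        if (fd >= 0)
            close(fd);
    }
    unlink(lock);
    unlink(target);
    rmdir(dir);
    return ok;
}

/* Control case: with no link planted, the lock file is created
 * normally. Returns 1 on success, 0 otherwise. */
int demo_plain_path_succeeds(void)
{
    char dir[] = "/tmp/lockdemo.XXXXXX";
    if (!mkdtemp(dir))
        return 0;
    char lock[PATH_MAX];
    snprintf(lock, sizeof lock, "%s/container.lock", dir);

    int fd = safe_create_lockfile(lock);
    int ok = (fd >= 0);
    if (fd >= 0)
        close(fd);
    unlink(lock);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink refused: %s\n", demo_symlink_is_refused() ? "yes" : "NO");
    printf("plain path ok:   %s\n", demo_plain_path_succeeds() ? "yes" : "NO");
    return 0;
}
```

O_NOFOLLOW only governs the last path component. The intermediate directories (here everything under /run/lock/lxc) must themselves be root-owned and not writable by unprivileged users, otherwise a link planted at a directory level is still followed; creating that hierarchy with a restrictive umask before any container exists, and checking ownership of each level, closes that side of the problem.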
Fix submitted to 13.2 and factory.
openSUSE-SU-2015:1315-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 938522,938523
CVE References: CVE-2015-1331,CVE-2015-1334
Sources used:
openSUSE 13.2 (src): lxc-1.0.6-3.1
released
This is an autogenerated message for OBS integration: This bug (938522) was mentioned in https://build.opensuse.org/request/show/542066 15.0 / lxc