Bug 938523 (CVE-2015-1334) - VUL-0: CVE-2015-1334: lxc: AppArmor or SELinux confinement escape
Summary: VUL-0: CVE-2015-1334: lxc: AppArmor or SELinux confinement escape
Status: RESOLVED FIXED
Alias: CVE-2015-1334
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.2
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-17 07:51 UTC by Andreas Stieger
Modified: 2017-11-15 15:01 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Andreas Stieger 2015-07-17 08:45:20 UTC 
Checked the code, 1.0 is the first version containing vulnerable code. This means that SLE is not affected.

openSUSE:13.2 with 1.0.6 and Tumbleweed the only affected products.

As this issue is under embargo, do not use patches in OBS before this bug is updated to indicate that the embargo is lifted.

The security team will assign the bug to the community maintainer at that point.
Comment 3 Swamp Workflow Management 2015-07-18 21:59:46 UTC 
bugbot adjusting priority
Comment 4 Andreas Stieger 2015-07-20 12:23:19 UTC 
The 0.9 part of this issue does not affect SLE.
Comment 5 Andreas Stieger 2015-07-22 14:41:17 UTC 
public at http://seclists.org/oss-sec/2015/q3/165

* Roman Fiedler discovered a flaw that allows processes intended to be
  run inside of confined LXC containers to escape their AppArmor or
  SELinux confinement. A malicious container can create a fake proc
  filesystem, possibly by mounting tmpfs on top of the container's
  /proc, and wait for a lxc-attach to be ran from the host environment.
  lxc-attach incorrectly trusts the container's
  /proc/PID/attr/{current,exec} files to set up the AppArmor profile and
  SELinux domain transitions which may result in no confinement being
  used.
  - CVE-2015-1334
  - Affects LXC 0.9.0 and higher
  - https://launchpad.net/bugs/1475050
  - https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e (master)
  - https://github.com/lxc/lxc/commit/659e807c8dd1525a5c94bdecc47599079fad8407 (stable-1.1)
  - https://github.com/lxc/lxc/commit/15ec0fd9d490dd5c8a153401360233c6ee947c24 (stable-1.0)


from LXC 0.9.0, please submit update for openSUSE 13.1 and 13.2
Comment 6 Jiri Slaby 2015-07-23 09:27:24 UTC 
Fix submitted to 13.2 and factory.
Comment 7 Andreas Stieger 2015-07-23 09:44:16 UTC 
This affects openSUSE 13.1 as well.
Comment 8 Jiri Slaby 2015-07-23 11:00:27 UTC 
Ok, to 13.1 too.
Comment 9 Andreas Stieger 2015-07-23 11:03:23 UTC 
(In reply to Jiri Slaby from comment #8)
> Ok, to 13.1 too.

thanks, is running
Comment 10 Swamp Workflow Management 2015-07-30 10:07:55 UTC 
openSUSE-SU-2015:1315-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 938522,938523
CVE References: CVE-2015-1331,CVE-2015-1334
Sources used:
openSUSE 13.2 (src):    lxc-1.0.6-3.1
Comment 11 Swamp Workflow Management 2015-07-30 12:08:09 UTC 
openSUSE-SU-2015:1317-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 938523
CVE References: CVE-2015-1334
Sources used:
openSUSE 13.1 (src):    lxc-0.9.0-3.8.1
Comment 12 Marcus Meissner 2015-08-10 07:41:52 UTC 
released
Comment 13 Bernhard Wiedemann 2017-11-15 15:01:52 UTC 
This is an autogenerated message for OBS integration:
This bug (938523) was mentioned in
https://build.opensuse.org/request/show/542066 15.0 / lxc