ansible -- use of predictable paths in lxc_container

2016-04-02T00:00:00
ID 253C6889-06F0-11E6-925F-6805CA0B3D42
Type freebsd
Reporter FreeBSD
Modified 2016-04-02T00:00:00

Description

Ansible developers report:

CVE-2016-3096: do not use predictable paths in lxc_container

do not use a predictable filename for the LXC attach script don't use predictable filenames for LXC attach script logging don't set a predictable archive_path

this should prevent symlink attacks which could result in

data corruption data leakage privilege escalation