Kernel security update: Virtuozzo ReadyKernel patch 15.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)

The cumulative Virtuozzo ReadyKernel patch updated with a security fix. The patch applies to Virtuozzo versions 7.0.0, 7.0.1, and 7.0.3. Vulnerability id: CVE-2017-2647 A flaw was discovered in the Linux kernel's key subsystem. Invoking the requestkey system call with a specially crafted set of...

LXC 'lxc/lxc_user_nic.c' elevation of privilege vulnerability

XC LinuX Containers is a user-space interface to the Linux kernel's container functionality that makes it easy for Linux users to create and manage system or application containers through a powerful API and simple tools. An elevation of privilege vulnerability exists in LXC 'lxc/lxcusernic.c'. A...

Important kernel security update: new kernel 2.6.18-028stab122.1 for Virtuozzo Containers for Linux 4.6

This update provides a new Virtuozzo Containers for Linux 4.6 kernel 2.6.18-028stab122.1 based on the Red Hat Enterprise Linux 5 kernel 2.6.18-419.el5. This update is a rebase to a new Red Hat Enterprise Linux kernel. It provides security fixes inherited from the RHEL kernel and no internal fixes...

Code injection

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

CVE-2017-5985

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

CVE-2017-5985

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

DEBIAN-CVE-2017-5985

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

CVE-2017-5985

CVE-2017-5985 affects LXC’s lxc-user-nic component, where missing netns ownership checks let a local user with a lxc-usernet allocation create host interfaces and pick their names. The issue is documented across multiple vendors and advisories (openSUSE, Mageia, Arch Linux) with fixes in updated ...

CVE-2017-5985

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

CVE-2017-5985

lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

Product security update: Virtuozzo Automator 6.1 Update 2 Hotfix 3

The new packages for Virtuozzo Automator 6.1 introducing a new feature, a security fix, and usability bug fixes for VA Agent for Linux. Vulnerability id: PVA-27270 In cases when multiple containers were processed in a single task by external tools like 'vzabackup', Power Panel of any container...

[SECURITY] Fedora 25 Update: libcacard-2.5.3-1.fc25

This library provides emulation of smart cards to a virtual card reader running in a guest virtual machine. It implements DoD CAC standard with separate pki containers compatible coolkey, using certificates read from NSS...

[SECURITY] Fedora 25 Update: runc-1.0.0-3.rc2.gitc91b5be.fc25

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

GLSA-201701-30 : vzctl: Security bypass

The remote host is affected by the vulnerability described in GLSA-201701-30 vzctl: Security bypass It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT root...

RunC Exec Vulnerability | Cloud Foundry

Medium Vendor Open Containers Initiative Description RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the...

Linux Containers Unauthorized Vulnerability

Linux Containers LXC is a set of container-based virtualization technologies at the operating system level. A security vulnerability exists in versions of LXC prior to 2016-02-22. An attacker could exploit the vulnerability to perform unauthorized operations...

vzctl: Security bypass

Background vzctl is a set of control tools for the OpenVZ server virtualization solution. Description It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT ro...

kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt

An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt. The function call is normally restricted to root, however some processes with capsysadmin may also be able to trigger this flaw in privileged container environments...

Input validation

An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...

CVE-2016-10124

An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...