16 matches found
Path traversal
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...
openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1481)
This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability boo1122185. - CVE-2018-6556: Enable setuid bit on lxc-user-nic boo988348. Non-security issues fixed : - Update to LXC 3.1.0. The changelog is...
openSUSE: Security Advisory for lxc, lxcfs (openSUSE-SU-2019:1481-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for lxc, lxcfs (important)
openSUSE Security Update: Security update for lxc, lxcfs Announcement ID: openSUSE-SU-2019:1481-1 Rating: important References: 1036360 1099239 1122185 1131762 988348 998326 Cross-References: CVE-2015-1331 CVE-2015-1334 CVE-2015-1335 CVE-2017-5985 CVE-2018-6556 CVE-2019-5736 Affected Products:...
openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1275)
This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability boo1122185. - CVE-2018-6556: Enable setuid bit on lxc-user-nic boo988348. Non-security issues fixed : - Update to LXC 3.1.0. The changelog is...
openSUSE: Security Advisory for lxc, lxcfs (openSUSE-SU-2019:1275-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2019:1230-1 Security update for lxc
This update for lxc fixes the following issues: The following security vulnerability was fixed: - CVE-2018-6556: Fixed an information leak and possible open side effects to regular users via lxc-user-nic boo988348 This update was imported from the openSUSE:Leap:15.0:Update update project...
openSUSE Security Update : lxc (openSUSE-2019-596)
This update for lxc fixes the following issues : The following security vulnerability was fixed : - CVE-2018-6556: Fixed an information leak and possible open side effects to regular users via lxc-user-nic boo988348 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
openSUSE: Security Advisory for lxc (openSUSE-SU-2018:2316-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : lxc (openSUSE-2018-865)
This update for lxc fixes the following issues : The following security vulnerability was fixed : - CVE-2018-6556: Fixed an information leak and possible open side effects to regular users via lxc-user-nic boo988348 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
CVE-2018-6556 The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
UBUNTU-CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...