ALT-PU-2016-1873-1
Closed vulnerabilities
Published: 2017-01-09
Modified: 2024-11-21
CVE-2016-10124
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Severity: HIGH (8.6)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
References:
- http://www.openwall.com/lists/oss-security/2014/12/15/5
- http://www.openwall.com/lists/oss-security/2015/09/03/5
- 95404
- https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
- GLSA-201711-09
Published: 2020-02-10
Modified: 2024-11-21
CVE-2017-18641
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References: