ALT-PU-2016-1873-1

Package update lxc in branch p8

Version2.0.4-alt1

Published2016-08-22

Max severityHIGH

Severity:

Closed issues (2)

HIGH8.6

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.

Published: 2017-01-09Modified: 2025-04-20

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xHIGH 8.6

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References

HIGH8.1

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

Published: 2020-02-10Modified: 2024-11-21

CVSS 2.0CRITICAL 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References