CVE 2015-1335
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Related bugs and status
CVE-2015-1335 (Candidate) is related to these bugs:
Bug #1429140: lxc-net upstart script fails on nonexistent iptables rules
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1429140 | lxc-net upstart script fails on nonexistent iptables rules | lxc (Ubuntu) | High | Fix Released | ||
| 1429140 | lxc-net upstart script fails on nonexistent iptables rules | lxc (Ubuntu Trusty) | High | Fix Released | ||
Bug #1476662: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1476662 | lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor | lxc (Ubuntu) | High | Fix Released | ||
Bug #1507463: OverlayFS: Wrong mnt_id and path reported in /proc in linux-3.13
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1507463 | OverlayFS: Wrong mnt_id and path reported in /proc in linux-3.13 | linux (Ubuntu) | Medium | Confirmed | ||
Bug #1514623: New upstream bugfix release 1.0.8 (LXC MRE)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1514623 | New upstream bugfix release 1.0.8 (LXC MRE) | lxc (Ubuntu) | Medium | Fix Released | ||
| 1514623 | New upstream bugfix release 1.0.8 (LXC MRE) | lxc (Ubuntu Trusty) | Medium | Fix Released | ||
Bug #1515463: Broken juju LXC deployments
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1515463 | Broken juju LXC deployments | lxc (Ubuntu) | High | Fix Released | ||
| 1515463 | Broken juju LXC deployments | lxc (Ubuntu Xenial) | High | Fix Released | ||
| 1515463 | Broken juju LXC deployments | lxc (Ubuntu Trusty) | High | Fix Released | ||
| 1515463 | Broken juju LXC deployments | lxc (Ubuntu Wily) | High | Fix Released | ||
| 1515463 | Broken juju LXC deployments | lxc (Ubuntu Vivid) | High | Fix Released | ||
Bug #1516971: LXC's preserve_ns fails on < 3.8 kernels
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1516971 | LXC's preserve_ns fails on < 3.8 kernels | Canonical System Image | Critical | Fix Released | ||
| 1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu) | High | Fix Released | ||
| 1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Trusty) | High | Fix Released | ||
| 1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Xenial) | High | Fix Released | ||
| 1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Wily) | High | Fix Released | ||
| 1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Vivid) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
