CVE 2015-1335
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Related bugs and status
CVE-2015-1335 (Candidate) is related to these bugs:
Bug #1429140: lxc-net upstart script fails on nonexistent iptables rules
Bug | Summary | In | Importance | Status
---|---|---|---|---
1429140 | lxc-net upstart script fails on nonexistent iptables rules | lxc (Ubuntu) | High | Fix Released
1429140 | lxc-net upstart script fails on nonexistent iptables rules | lxc (Ubuntu Trusty) | High | Fix Released
Bug #1476662: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
Bug | Summary | In | Importance | Status
---|---|---|---|---
1476662 | lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor | lxc (Ubuntu) | High | Fix Released
Bug #1507463: OverlayFS: Wrong mnt_id and path reported in /proc in linux-3.13
Bug | Summary | In | Importance | Status
---|---|---|---|---
1507463 | OverlayFS: Wrong mnt_id and path reported in /proc in linux-3.13 | linux (Ubuntu) | Medium | Confirmed
Bug #1514623: New upstream bugfix release 1.0.8 (LXC MRE)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1514623 | New upstream bugfix release 1.0.8 (LXC MRE) | lxc (Ubuntu) | Medium | Fix Released
1514623 | New upstream bugfix release 1.0.8 (LXC MRE) | lxc (Ubuntu Trusty) | Medium | Fix Released
Bug #1515463: Broken juju LXC deployments
Bug | Summary | In | Importance | Status
---|---|---|---|---
1515463 | Broken juju LXC deployments | lxc (Ubuntu) | High | Fix Released
1515463 | Broken juju LXC deployments | lxc (Ubuntu Xenial) | High | Fix Released
1515463 | Broken juju LXC deployments | lxc (Ubuntu Trusty) | High | Fix Released
1515463 | Broken juju LXC deployments | lxc (Ubuntu Wily) | High | Fix Released
1515463 | Broken juju LXC deployments | lxc (Ubuntu Vivid) | High | Fix Released
Bug #1516971: LXC's preserve_ns fails on < 3.8 kernels
Bug | Summary | In | Importance | Status
---|---|---|---|---
1516971 | LXC's preserve_ns fails on < 3.8 kernels | Canonical System Image | Critical | Fix Released
1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu) | High | Fix Released
1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Trusty) | High | Fix Released
1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Xenial) | High | Fix Released
1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Wily) | High | Fix Released
1516971 | LXC's preserve_ns fails on < 3.8 kernels | lxc (Ubuntu Vivid) | High | Fix Released
See the CVE page on Mitre.org for more details.