Launchpad CVE tracker

CVE 2015-1342

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

Related bugs and status

CVE-2015-1342 (Candidate) is related to these bugs:

Bug #1508481: lxcfs does not properly enforce directory escapes

Summary				In	Importance	Status
	1508481	lxcfs does not properly enforce directory escapes		lxcfs (Ubuntu)	Undecided	Fix Released

Bug #1512854: Lack of privilege checking in do_write_pids

		In	Importance	Status
1512854	Lack of privilege checking in do_write_pids	lxcfs (Ubuntu)	Undecided	Fix Released
1512854	Lack of privilege checking in do_write_pids	lxcfs (Ubuntu Vivid)	Undecided	Fix Released
1512854	Lack of privilege checking in do_write_pids	lxcfs (Ubuntu Xenial)	Undecided	Fix Released
1512854	Lack of privilege checking in do_write_pids	lxcfs (Ubuntu Wily)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
CONFIRM: https://github.com/lxc...
UBUNTU: USN-2813-1

Launchpad.net

CVE 2015-1342

Related bugs and status

Related bugs

References