Launchpad.net

CVE 2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

CVE-2017-18641 (Candidate) is related to these bugs:

Bug #1661447: Arbitrary code execution in centos template

Summary				In	Importance	Status
	1661447	Arbitrary code execution in centos template		lxc (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.