Security update for lxc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1230-1 Final 1 1 2019-04-18T08:19:11Z current 2019-04-18T08:19:11Z 2019-04-18T08:19:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for lxc This update for lxc fixes the following issues: The following security vulnerability was fixed: - CVE-2018-6556: Fixed an information leak and possible open() side effects to regular users via lxc-user-nic (boo#988348) This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1230 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YSTSXJMKRPX7DLJOHKBF3X7FO724JMME/#YSTSXJMKRPX7DLJOHKBF3X7FO724JMME E-Mail link for openSUSE-SU-2019:1230-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/988348 SUSE Bug 988348 https://www.suse.com/security/cve/CVE-2018-6556/ SUSE CVE CVE-2018-6556 page SUSE Package Hub 15 liblxc-devel-2.0.9-bp150.5.6.1 liblxc1-2.0.9-bp150.5.6.1 lxc-2.0.9-bp150.5.6.1 liblxc-devel-2.0.9-bp150.5.6.1 as a component of SUSE Package Hub 15 liblxc1-2.0.9-bp150.5.6.1 as a component of SUSE Package Hub 15 lxc-2.0.9-bp150.5.6.1 as a component of SUSE Package Hub 15 lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. CVE-2018-6556 SUSE Package Hub 15:liblxc-devel-2.0.9-bp150.5.6.1 SUSE Package Hub 15:liblxc1-2.0.9-bp150.5.6.1 SUSE Package Hub 15:lxc-2.0.9-bp150.5.6.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YSTSXJMKRPX7DLJOHKBF3X7FO724JMME/#YSTSXJMKRPX7DLJOHKBF3X7FO724JMME https://www.suse.com/security/cve/CVE-2018-6556.html CVE-2018-6556 https://bugzilla.suse.com/1122185 SUSE Bug 1122185 https://bugzilla.suse.com/1206779 SUSE Bug 1206779 https://bugzilla.suse.com/988348 SUSE Bug 988348