Security update for lxc, lxcfs SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1481-1 Final 1 1 2019-05-31T14:17:03Z current 2019-05-31T14:17:03Z 2019-05-31T14:17:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for lxc, lxcfs This update for lxc, lxcfs to version 3.1.0 fixes the following issues: Security issues fixed: - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed: - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html E-Mail link for openSUSE-SU-2019:1481-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 liblxc-devel-3.1.0-24.1 liblxc1-3.1.0-24.1 lxc-3.1.0-24.1 lxc-bash-completion-3.1.0-24.1 lxcfs-3.0.3-2.1 lxcfs-hooks-lxc-3.0.3-2.1 pam_cgfs-3.1.0-24.1 liblxc-devel-3.1.0-24.1 as a component of openSUSE Leap 42.3 liblxc1-3.1.0-24.1 as a component of openSUSE Leap 42.3 lxc-3.1.0-24.1 as a component of openSUSE Leap 42.3 lxc-bash-completion-3.1.0-24.1 as a component of openSUSE Leap 42.3 lxcfs-3.0.3-2.1 as a component of openSUSE Leap 42.3 lxcfs-hooks-lxc-3.0.3-2.1 as a component of openSUSE Leap 42.3 pam_cgfs-3.1.0-24.1 as a component of openSUSE Leap 42.3 lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. CVE-2015-1331 openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1 openSUSE Leap 42.3:liblxc1-3.1.0-24.1 openSUSE Leap 42.3:lxc-3.1.0-24.1 openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1 openSUSE Leap 42.3:lxcfs-3.0.3-2.1 openSUSE Leap 42.3:lxcfs-hooks-lxc-3.0.3-2.1 openSUSE Leap 42.3:pam_cgfs-3.1.0-24.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://www.suse.com/security/cve/CVE-2015-1331.html CVE-2015-1331 https://bugzilla.suse.com/938522 SUSE Bug 938522 attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. CVE-2015-1334 openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1 openSUSE Leap 42.3:liblxc1-3.1.0-24.1 openSUSE Leap 42.3:lxc-3.1.0-24.1 openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1 openSUSE Leap 42.3:lxcfs-3.0.3-2.1 openSUSE Leap 42.3:lxcfs-hooks-lxc-3.0.3-2.1 openSUSE Leap 42.3:pam_cgfs-3.1.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://www.suse.com/security/cve/CVE-2015-1334.html CVE-2015-1334 https://bugzilla.suse.com/938523 SUSE Bug 938523 lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. CVE-2015-1335 openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1 openSUSE Leap 42.3:liblxc1-3.1.0-24.1 openSUSE Leap 42.3:lxc-3.1.0-24.1 openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1 openSUSE Leap 42.3:lxcfs-3.0.3-2.1 openSUSE Leap 42.3:lxcfs-hooks-lxc-3.0.3-2.1 openSUSE Leap 42.3:pam_cgfs-3.1.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://www.suse.com/security/cve/CVE-2015-1335.html CVE-2015-1335 https://bugzilla.suse.com/946744 SUSE Bug 946744 lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. CVE-2017-5985 openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1 openSUSE Leap 42.3:liblxc1-3.1.0-24.1 openSUSE Leap 42.3:lxc-3.1.0-24.1 openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1 openSUSE Leap 42.3:lxcfs-3.0.3-2.1 openSUSE Leap 42.3:lxcfs-hooks-lxc-3.0.3-2.1 openSUSE Leap 42.3:pam_cgfs-3.1.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://www.suse.com/security/cve/CVE-2017-5985.html CVE-2017-5985 https://bugzilla.suse.com/1028264 SUSE Bug 1028264 lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. CVE-2018-6556 openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1 openSUSE Leap 42.3:liblxc1-3.1.0-24.1 openSUSE Leap 42.3:lxc-3.1.0-24.1 openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1 openSUSE Leap 42.3:lxcfs-3.0.3-2.1 openSUSE Leap 42.3:lxcfs-hooks-lxc-3.0.3-2.1 openSUSE Leap 42.3:pam_cgfs-3.1.0-24.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://www.suse.com/security/cve/CVE-2018-6556.html CVE-2018-6556 https://bugzilla.suse.com/1122185 SUSE Bug 1122185 https://bugzilla.suse.com/988348 SUSE Bug 988348 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. CVE-2019-5736 openSUSE Leap 42.3:liblxc-devel-3.1.0-24.1 openSUSE Leap 42.3:liblxc1-3.1.0-24.1 openSUSE Leap 42.3:lxc-3.1.0-24.1 openSUSE Leap 42.3:lxc-bash-completion-3.1.0-24.1 openSUSE Leap 42.3:lxcfs-3.0.3-2.1 openSUSE Leap 42.3:lxcfs-hooks-lxc-3.0.3-2.1 openSUSE Leap 42.3:pam_cgfs-3.1.0-24.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html https://www.suse.com/security/cve/CVE-2019-5736.html CVE-2019-5736 https://bugzilla.suse.com/1121967 SUSE Bug 1121967 https://bugzilla.suse.com/1122185 SUSE Bug 1122185 https://bugzilla.suse.com/1173421 SUSE Bug 1173421