From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3
Date: Mon, 3 Dec 2018 09:09:56 +0100 [thread overview]
Message-ID: <20181203090956.1972a2f9@windsurf.home> (raw)
In-Reply-To: <20181202090838.15776-1-fontaine.fabrice@gmail.com>
Hello,
On Sun, 2 Dec 2018 10:08:38 +0100, Fabrice Fontaine wrote:
> This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
> commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
> when asked to delete a network interface will unconditionally open a
> user provided path:
> https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
>
> This code path may be used by an unprivileged user to check for the
> existence of a path which they wouldn't otherwise be able to reach. It
> may also be used to trigger side effects by causing a (read-only) open
> of special kernel files (ptmx, proc, sys).
>
> Also add a dependency on gcc >= 4.7
> (https://github.com/lxc/lxc/issues/2592)
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/lxc/Config.in | 4 +++-
> package/lxc/lxc.hash | 2 +-
> package/lxc/lxc.mk | 2 +-
> 3 files changed, 5 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2018-12-03 8:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-02 9:08 [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3 Fabrice Fontaine
2018-12-03 8:09 ` Thomas Petazzoni [this message]
2018-12-09 21:36 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181203090956.1972a2f9@windsurf.home \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox