[USN-2988-1] LXD vulnerabilities

Fabricante: Ubuntu
Fecha: 31/05/2016
Identificador: USN-2988-1
[USN-2988-1] LXD vulnerabilities
========================================================================== Ubuntu Security Notice USN-2988-1 May 31, 2016 lxd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 Summary: Several security issues were fixed in LXD. Software Description: - lxd: Container hypervisor based on LXC Details: Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581) Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. (CVE-2016-1582) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: lxd 2.0.2-0ubuntu1~16.04.1 Ubuntu 15.10: lxd 0.20-0ubuntu4.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2988-1 CVE-2016-1581, CVE-2016-1582 Package Information: https://launchpad.net/ubuntu/+source/lxd/2.0.2-0ubuntu1~16.04.1 https://launchpad.net/ubuntu/+source/lxd/0.20-0ubuntu4.2 --