MGASA-2015-0304

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0304.html

Import Source

https://advisories.mageia.org/MGASA-2015-0304.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2015-0304

Related

Published

2015-08-07T19:20:18Z

Modified

2015-08-07T19:08:01Z

Summary

Updated lxc package fixes security vulnerability

Details

Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user (CVE-2015-1331).

Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux (CVE-2015-1334).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2015-0304

Affected packages