lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "liblxc1", "binary_version": "1.0.7-0ubuntu0.5" }, { "binary_name": "lxc", "binary_version": "1.0.7-0ubuntu0.5" }, { "binary_name": "lxc-dev", "binary_version": "1.0.7-0ubuntu0.5" }, { "binary_name": "lxc-templates", "binary_version": "1.0.7-0ubuntu0.5" }, { "binary_name": "lxc-tests", "binary_version": "1.0.7-0ubuntu0.5" }, { "binary_name": "python3-lxc", "binary_version": "1.0.7-0ubuntu0.5" } ] }