[Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Dec 3 08:09:56 UTC 2018
Hello,
On Sun, 2 Dec 2018 10:08:38 +0100, Fabrice Fontaine wrote:
> This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
> commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
> when asked to delete a network interface will unconditionally open a
> user provided path:
> https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
>
> This code path may be used by an unprivileged user to check for the
> existence of a path which they wouldn't otherwise be able to reach. It
> may also be used to trigger side effects by causing a (read-only) open
> of special kernel files (ptmx, proc, sys).
>
> Also add a dependency on gcc >= 4.7
> (https://github.com/lxc/lxc/issues/2592)
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> package/lxc/Config.in | 4 +++-
> package/lxc/lxc.hash | 2 +-
> package/lxc/lxc.mk | 2 +-
> 3 files changed, 5 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list