SUSE Package Hub - openSUSE-2019-1227

Update Info

openSUSE-2019-1227

Security update for lxc, lxcfs

Type: security

Severity: important

Issued: 2019-04-17

Description:

This update for lxc, lxcfs to version 3.1.0 fixes the following issues:

Security issues fixed:

- CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185).
- CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348).

Non-security issues fixed:

- Update to LXC 3.1.0. The changelog is far too long to include here, please
  look at https://linuxcontainers.org/. (boo#1131762)

References

CVE: CVE-2019-5736
CVE: CVE-2018-6556
Bugzilla: 988348 AUDIT-0: CVE-2018-6556: lxc: enable setuid bit on lxc-user-nic
Bugzilla: 1131762 lxc: update to 3.x
Bugzilla: 1122185 VUL-0: lxc: container breakout vulnerability

Packages

lxc-3.1.0-bp150.5.3.1

lxcfs-3.0.3-bp150.3.3.1