A vulnerability has been found in LXC which may allow for arbitrary file access (read-only).
|Package||app-emulation/lxc on all architectures|
|Affected versions||< 3.0.1-r1|
|Unaffected versions||>= 3.0.1-r1|
LinuX Containers user space utilities.
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn’t otherwise be able to reach.
A local unprivileged user could use this flaw to access arbitrary files, including special device files.
There is no known workaround at this time.
All LXC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/lxc-3.0.1-r1"
August 22, 2018
August 22, 2018: 2