User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
changelog_14.2 [2019/02/12 17:08]
changelog_14.2 [2019/02/12 23:41] (current)
Line 2: Line 2:
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
 +==== 2019-02-12 ====
 +**lxc-2.0.9_d3a03247**: ​ Upgraded.
 +This update fixes a security issue where a malicious privileged container
 +could overwrite the host binary and thus gain root-level code execution on
 +the host. As the LXC project considers privileged containers to be unsafe
 +no CVE has been assigned for this issue for LXC. To prevent this attack,
 +LXC has been patched to create a temporary copy of the calling binary
 +itself when it starts or attaches to containers. To do this LXC creates an
 +anonymous, in-memory file using the memfd_create() system call and copies
 +itself into the temporary in-memory file, which is then sealed to prevent
 +further modifications. LXC then executes this sealed, in-memory file
 +instead of the original on-disk binary.
 +For more information,​ see:
 +  * https://​​oss-sec/​2019/​q1/​119
 +(**Security fix**)
 ==== 2019-02-12 ==== ==== 2019-02-12 ====
changelog_14.2.txt ยท Last modified: 2019/02/12 23:41 by connie