[lxc-devel] Security fix for CVE-2017-5985 (lxc-user-nic)
stgraber at ubuntu.com
Thu Mar 9 16:51:01 UTC 2017
Today we're releasing security fixes for CVE-2017-5985.
This security issue was reported by Jann Horn from Google and has to do
with a lack of netns ownership check in lxc-user-nic, which would allow
any user with a lxc-usernet allocation to create network interfaces on
the host including choosing the name of that network interface.
The created interface wouldn't be UP so is unlikely to be automatically
brought up or get an address, but this issue could be used to squat the
name of a real system network interface before it appears.
The fix we're pushing today has lxc-user-nic drop privilege to the
requesting user at interface rename time. This will still allow users to
create veth pairs but it will not let them be renamed to whatever they
Original report: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
We have fixes for all supported LXC branches:
- stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
- stable-2.0: https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3
- master: https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
We also have a backported version of the fix for LXC 1.1 should anyone
still use this unsupported version of LXC:
Distributions have been notified ahead of this release so most of them
should have updated packages out already or will really soon.
This security fix will be included in the next round of LXC bugfix
releases, until then, people building by hand should be including the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the lxc-devel