liblxc-devel-4.0.9-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11030-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z liblxc-devel-4.0.9-1.1 on GA media These are all security issues fixed in the liblxc-devel-4.0.9-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11030 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-5985/ SUSE CVE CVE-2017-5985 page https://www.suse.com/security/cve/CVE-2018-6556/ SUSE CVE CVE-2018-6556 page https://www.suse.com/security/cve/CVE-2019-5736/ SUSE CVE CVE-2019-5736 page openSUSE Tumbleweed liblxc-devel-4.0.9-1.1 liblxc1-4.0.9-1.1 lxc-4.0.9-1.1 lxc-bash-completion-4.0.9-1.1 pam_cgfs-4.0.9-1.1 liblxc-devel-4.0.9-1.1 as a component of openSUSE Tumbleweed liblxc1-4.0.9-1.1 as a component of openSUSE Tumbleweed lxc-4.0.9-1.1 as a component of openSUSE Tumbleweed lxc-bash-completion-4.0.9-1.1 as a component of openSUSE Tumbleweed pam_cgfs-4.0.9-1.1 as a component of openSUSE Tumbleweed lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. CVE-2017-5985 openSUSE Tumbleweed:liblxc-devel-4.0.9-1.1 openSUSE Tumbleweed:liblxc1-4.0.9-1.1 openSUSE Tumbleweed:lxc-4.0.9-1.1 openSUSE Tumbleweed:lxc-bash-completion-4.0.9-1.1 openSUSE Tumbleweed:pam_cgfs-4.0.9-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5985.html CVE-2017-5985 https://bugzilla.suse.com/1028264 SUSE Bug 1028264 lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. CVE-2018-6556 openSUSE Tumbleweed:liblxc-devel-4.0.9-1.1 openSUSE Tumbleweed:liblxc1-4.0.9-1.1 openSUSE Tumbleweed:lxc-4.0.9-1.1 openSUSE Tumbleweed:lxc-bash-completion-4.0.9-1.1 openSUSE Tumbleweed:pam_cgfs-4.0.9-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6556.html CVE-2018-6556 https://bugzilla.suse.com/1122185 SUSE Bug 1122185 https://bugzilla.suse.com/1206779 SUSE Bug 1206779 https://bugzilla.suse.com/988348 SUSE Bug 988348 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. CVE-2019-5736 openSUSE Tumbleweed:liblxc-devel-4.0.9-1.1 openSUSE Tumbleweed:liblxc1-4.0.9-1.1 openSUSE Tumbleweed:lxc-4.0.9-1.1 openSUSE Tumbleweed:lxc-bash-completion-4.0.9-1.1 openSUSE Tumbleweed:pam_cgfs-4.0.9-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5736.html CVE-2019-5736 https://bugzilla.suse.com/1121967 SUSE Bug 1121967 https://bugzilla.suse.com/1122185 SUSE Bug 1122185 https://bugzilla.suse.com/1173421 SUSE Bug 1173421 https://bugzilla.suse.com/1218894 SUSE Bug 1218894