MGASA-2017-0167

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2016-8649 CVE-2017-5985

Published: 12 Jun 2017, 07:42

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Jun 2017, 07:42

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated lxc packages fix security vulnerabilities Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container (CVE-2016-8649). Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issue to create virtual network interfaces in network namespaces that they do not own (CVE-2017-5985). The lxc package has been updated to version 1.0.10 to fix these issues and other bugs.

Affected Systems

mageia•lxc
< 1.0.10-1.mga5

MGASA-2017-0167

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)