Package: lxc
Version: 1:2.0.7-2+deb9u2
Severity: normal

Dear Maintainer,

both current stable and unstable versions of LXC are affected by an issue similar to CVE-2018-10892 - arbitrary modification of /proc/acpi contents from inside the container.

Suggested mitigation of this issue would be including:

    deny /proc/acpi/* rwx,

to all AppArmor profiles that are provided by the lxc package.

And, since this can be considered a security issue, feel free to tag the bug as 'serious'.

Sincerely yours,
Reco

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.48
ii  libapparmor1         2.11.0-3+deb9u2
ii  libc6                2.24-11+deb9u3
ii  libcap2              1:2.25-1
ii  libgnutls30          3.5.8-5+deb9u3
ii  liblxc1              1:2.0.7-2+deb9u2
ii  libseccomp2          2.3.1-2.1
ii  libselinux1          2.6-3+b3
ii  lsb-base             9.20161125
ii  python3              3.5.3-1
ii  python3-lxc          1:2.0.7-2+deb9u2

Versions of packages lxc recommends:
pn  bridge-utils  <none>
pn  debootstrap   <none>
pn  dirmngr       <none>
pn  dnsmasq-base  <none>
ii  gnupg         2.1.18-8~deb9u2
ii  iptables      1.6.0+snapshot20161117-6
pn  libpam-cgfs   <none>
pn  lxcfs         <none>
ii  openssl       1.1.0f-3+deb9u2
ii  rsync         3.1.2-1+deb9u1
pn  uidmap        <none>

Versions of packages lxc suggests:
ii  apparmor     2.11.0-3+deb9u2
pn  btrfs-tools  <none>
ii  lvm2         2.02.168-2

-- Configuration Files:
/etc/apparmor.d/lxc/lxc-default changed [not included]
/etc/apparmor.d/lxc/lxc-default-cgns changed [not included]
/etc/apparmor.d/lxc/lxc-default-with-mounting changed [not included]
/etc/apparmor.d/lxc/lxc-default-with-nesting changed [not included]

-- debconf-show failed
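
One way to check whether the profiles under /etc/apparmor.d/lxc named in the report carry the suggested rule, as an added example that is not part of the original report or of the lxc package. The function name, the `--audit` switch and the accepted rule spellings are assumptions made here; only the text of each file is read, so a rule supplied through an `#include` is not seen.

```shell
#!/bin/sh
# Added example (not from the report): list AppArmor profile files that
# contain no deny rule covering /proc/acpi.
# Limitation: rules pulled in via #include are not followed.

# Matches an active rule such as "deny /proc/acpi/* rwx," and, as an
# assumption about other accepted spellings, "audit deny @{PROC}/acpi/** rwklx,".
# Lines starting with '#' (comments) do not match.
ACPI_DENY_RE='^[[:space:]]*(audit[[:space:]]+)?deny[[:space:]]+(/proc|@[{]PROC[}])/acpi/\*\*?[[:space:]]+[rwaklmx]+,'

# Print the path of every regular file in directory $1 that lacks the rule.
profiles_missing_acpi_deny() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! grep -Eq "$ACPI_DENY_RE" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh check.sh --audit [directory]
# The default directory is the one listed under "Configuration Files" above.
if [ "${1:-}" = "--audit" ]; then
    profiles_missing_acpi_deny "${2:-/etc/apparmor.d/lxc}"
fi
```

An empty result means every file in the directory has an active deny rule for /proc/acpi; any path printed is a profile that still needs the rule added and reloaded.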