Your message dated Sat, 11 Mar 2017 10:03:37 +0000
with message-id <e1cmds9-0005a1...@fasolo.debian.org>
and subject line Bug#857295: fixed in lxc 1:2.0.7-2
has caused the Debian Bug report #857295,
regarding lxc: CVE-2017-5985: lxc-user-nic didn't verify network namespace
ownership
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
857295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857295
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lxc
Version: 1:1.0.6-6
Severity: grave
Tags: patch upstream security
Justification: user security hole
Hi,
the following vulnerability was published for lxc, filling it with RC
severity, should possibly be fixed in stretch before the release,
although we do not enable user namespaces by default.
CVE-2017-5985[0]:
lxc-user-nic didn't verify network namespace ownership
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5985
[1] https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
[2] https://launchpad.net/bugs/1654676
[3] https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lxc
Source-Version: 1:2.0.7-2
We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Evgeni Golov <evg...@debian.org> (supplier of updated lxc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Mar 2017 09:47:20 +0100
Source: lxc
Binary: lxc lxc-dev lxc-tests liblxc1 python3-lxc lua-lxc
Architecture: source
Version: 1:2.0.7-2
Distribution: unstable
Urgency: high
Maintainer: pkg-lxc <pkg-lxc-de...@lists.alioth.debian.org>
Changed-By: Evgeni Golov <evg...@debian.org>
Description:
liblxc1 - Linux Containers userspace tools (library)
lua-lxc - Linux Containers userspace tools (Lua bindings)
lxc - Linux Containers userspace tools
lxc-dev - Linux Containers userspace tools (development)
lxc-tests - Linux Containers userspace tools (test binaries)
python3-lxc - Linux Containers userspace tools (Python 3.x bindings)
Closes: 857295
Changes:
lxc (1:2.0.7-2) unstable; urgency=high
.
* use bash-completion's pkg-config support and don't move files around
* ignore lxc-test-cloneconfig if kernel has no overlay support
* CVE-2017-5985: Ensure target netns is caller-owned (Closes: #857295)
Checksums-Sha1:
f9290865d7b156c43f4a0d507f7fe5d5c7fd0327 2619 lxc_2.0.7-2.dsc
08d6f7dfe69514c6710577445a5003adc0756d98 84520 lxc_2.0.7-2.debian.tar.xz
27ec3524cba3db28f39d41f92766ba436014e07b 7803 lxc_2.0.7-2_source.buildinfo
Checksums-Sha256:
7ffd186c751e571082005e03735b40e9f643ba4f1a92631759f0b6e66855a60b 2619
lxc_2.0.7-2.dsc
8ab21fc7805c6c27ac8647bcaacd23b4151c7f5601d824c4e3ecebf06c4544d9 84520
lxc_2.0.7-2.debian.tar.xz
5e1d6941ea4e911df8485ba1ccc2e88bd0d558f024c84c90cfb0dcdde5ac81cc 7803
lxc_2.0.7-2_source.buildinfo
Files:
179a233a30cf61537a15cbcbefdb9449 2619 admin optional lxc_2.0.7-2.dsc
5604ed2d7f44ad3efc7600c016f667b3 84520 admin optional lxc_2.0.7-2.debian.tar.xz
d38cfe174074a807f5432beb49365be4 7803 admin optional
lxc_2.0.7-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEExXWpV+gZuhi/B+dmobCbQjM5YegFAljDxvgACgkQobCbQjM5
YeiaQRAAtBfPbHhetUrXKR9uAUa/slXNOkTPXXr/JDIxQo6h0pALGhqJKVG1d46v
3Eg8Efuu7EBxU5Vy1qRrz318vnj5HEs9sdlbU9chUO82lXVivCgCE4+75xRBtpKU
mfgTNGsIMWEz1iDQElkZqc/rvXzrA3CY57c0C77FIBKS39058sF2Jga1xvXserDk
xSb3RyMDlfIWtfV8oUmXFk1bBj5u7Y0fA3l/15i4yrxvMvH2jLCCEDFks/oXFVfZ
xnYuL5mnzwA94UmxhrcPAymtvmQDEnwmOm5+8e/kwj/k9oODfwEUqpEm3fm1o2aE
GGy2mOvSoBXO87AiiMEDxh6QBe3pQaG3jmxsR5+VAWeRRc4rlU89TL9kjfZ1R5OA
f8NyXL7fJcSS9wekYM7Ll/USV2LMcbf0Gw2ypOTn3goX1zKRqITSiHNpamP8JlfI
G35CpLI+ugmSE3zmIlOGLL6aum7pDBlIJNbF6tA9Gu1tOP8HtWBkmAFsV0Py2wCF
1l10gksnu/sMSn4BkbCsxIMzjtpBDWX8gxUfO6F2X6ean0ehtlQ85YY/J2eMF7Me
DW5xcbJNfvKmGczUr2Nl2d/c7X345SWahKXOYQpU6Zt925o7mB5mpDum6+bW6gge
ndNgViWk+jEZZr49Upz+r3KtVo9rJkGJlGOFiQJSYC6m1kiI33k=
=AUlS
-----END PGP SIGNATURE-----
--- End Message ---
