Your message dated Fri, 31 Aug 2018 12:34:12 +0000
with message-id <e1fvicu-0004cn...@fasolo.debian.org>
and subject line Bug#905586: fixed in lxc 1:2.0.9-6.1
has caused the Debian Bug report #905586,
regarding lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open
arbitrary files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
905586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lxc
Version: 1:2.0.9-1
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
Hi,
The following vulnerability was published for lxc.
CVE-2018-6556[0]:
lxc-user-nic allows unprivileged users to open arbitrary files
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-6556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
[1] https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
[2]
https://lists.linuxcontainers.org/pipermail/lxc-devel/2018-August/018336.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lxc
Source-Version: 1:2.0.9-6.1
We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 905...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated lxc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Aug 2018 15:22:46 +0200
Source: lxc
Binary: lxc lxc-dev lxc-tests liblxc1 python3-lxc lua-lxc
Architecture: source
Version: 1:2.0.9-6.1
Distribution: unstable
Urgency: medium
Maintainer: pkg-lxc <pkg-lxc-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 905586
Description:
liblxc1 - Linux Containers userspace tools (library)
lua-lxc - Linux Containers userspace tools (Lua bindings)
lxc - Linux Containers userspace tools
lxc-dev - Linux Containers userspace tools (development)
lxc-tests - Linux Containers userspace tools (test binaries)
python3-lxc - Linux Containers userspace tools (Python 3.x bindings)
Changes:
lxc (1:2.0.9-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* utils: add LXC_PROC_PID_FD_LEN
* CVE 2018-6556: verify netns fd in lxc-user-nic (Closes: #905586)
Checksums-Sha1:
eeec2ce51786bc600c55ae9e5c6bb888f654c11f 2770 lxc_2.0.9-6.1.dsc
7ff69e369bdd2bf447d85da8f94e015cd2aac97e 86704 lxc_2.0.9-6.1.debian.tar.xz
Checksums-Sha256:
2faf0545f0a132090392b9f82955fa66f689aeb1d013cb6f45137307de9aef7b 2770
lxc_2.0.9-6.1.dsc
cc56002ec391372542029638a07fba38f22a17b11aaf595c22582ddf9518c9c4 86704
lxc_2.0.9-6.1.debian.tar.xz
Files:
1c215abe9b7f4dda04c5633aa3f323da 2770 admin optional lxc_2.0.9-6.1.dsc
9689b4700e52dcbad3902da94b35e388 86704 admin optional
lxc_2.0.9-6.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAluHG2VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EQXkP/i45QxKwOF1yUPU+hpvKW1LkDSRF7+Cv
koYzjageA6Q0kHQeus1O+PhK6u9ervcjMRFGbicItbUDPng53sUqbO9RA8l4ykBY
IWVcpSRu2SjW7o4ZmM4h7V2YquGupQsG4JHPhCbqt6a25sZE4AtKDE8cZhyP/pVl
0fmmH82EHIIt74BNmH/9xBwVeXaiOC3Nt+d20qzZxfu9nuCjRLtCRf8UIXnXTlfj
JYnhwM4He1xZtZjArEF75ha1JmiF+kFnXA/cmsg5zAKcJYUr4Bed6LA5aaCIOhG8
vxIoJl2QDajNvi1t6ds8CLzCU2NI+HY465ZQAUfhetAWotfXsgqNcsoVpdJ21wBH
LwsnJK0QUbaFXE2TWlwZfDVzqymcrvdacB8Cc8EJN4mw0nbO/Ig+hkqkV5zuwvWd
yq7i0iGAqJGfU6HadV9XKx9KyBs7NLWrxw8F+ZX/mpXcFCicviYI55V6HHhkKNoL
3HPCfqNmZz8XRxn5ZHfgEioHLdl2XLXEjKn/1D+gj5MXp59RESsSgyV9nA+38z01
eh97VI3+hAxjAHUhNz/SdkYzyWnRcgCzkClVbd74M3RSAM7l6x5q2+H2VawJS7eQ
kR+Ofmxa989yDZhz3ckhAKbiS9XO/ZQd98ny6dGsxb2hljs5rsNSqYxtJVoIk4FC
cPFbKIBznAuI
=XyDj
-----END PGP SIGNATURE-----
--- End Message ---
