Your message dated Sat, 29 Apr 2017 19:32:13 +0000
with message-id <[email protected]>
and subject line Bug#857295: fixed in lxc 1:1.0.6-6+deb8u6
has caused the Debian Bug report #857295,
regarding lxc: CVE-2017-5985: lxc-user-nic didn't verify network namespace 
ownership
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
857295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857295
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lxc
Version: 1:1.0.6-6
Severity: grave
Tags: patch upstream security
Justification: user security hole

Hi,

the following vulnerability was published for lxc, filing it with RC
severity, should possibly be fixed in stretch before the release,
although we do not enable user namespaces by default.

CVE-2017-5985[0]:
lxc-user-nic didn't verify network namespace ownership

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5985
[1] https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
[2] https://launchpad.net/bugs/1654676
[3] https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: lxc
Source-Version: 1:1.0.6-6+deb8u6

We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Evgeni Golov <[email protected]> (supplier of updated lxc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sat, 11 Mar 2017 10:42:30 +0100
Source: lxc
Binary: lxc lxc-dbg
Architecture: source amd64
Version: 1:1.0.6-6+deb8u6
Distribution: jessie
Urgency: medium
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Evgeni Golov <[email protected]>
Description:
 lxc        - Linux Containers userspace tools
 lxc-dbg    - Linux Containers userspace tools (debug)
Closes: 857295
Changes:
 lxc (1:1.0.6-6+deb8u6) jessie; urgency=medium
 .
   * CVE-2017-5985: Ensure target netns is caller-owned (Closes: #857295)

--- End Message ---
