This bug was fixed in the package lxc - 0.7.5-3ubuntu53
---
lxc (0.7.5-3ubuntu53) precise-proposed; urgency=low
* 0074-fix-sprintfs - check return values for all sprintfs and snprintfs
which could overflow (LP: #988918)
* 0075-execute-without-rootfs: let lxc-execute succeed
This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu1
---
lxc (0.8.0~rc1-4ubuntu1) quantal; urgency=low
* Merge from unstable. Remaining changes:
- control:
- update maintainer
- Build-Depends: add dh-apparmor and libapparmor-dev
- lxc Depends: add
** Branch linked: lp:ubuntu/lxc
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/988918
Title:
buffer overflows possible in liblxc
To manage notifications about this bug go to:
** Branch linked: lp:ubuntu/precise-proposed/lxc
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/988918
Title:
buffer overflows possible in liblxc
To manage notifications about this
Hello Serge, or anyone else affected,
Accepted lxc into precise-proposed. The package will build now and be
available in a few hours. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Thank you in advance!
**
Verified.
I tested it with:
bzr branch lp:/~frankban/lpsetup/lp-lxc-ip/
cd lp-lxc-ip/lp-lxc-ip
sed -i 's/\[:85\]//' lxcip.py
sudo ./lxcip.py -n
** Also affects: lxc (Ubuntu Precise)
Importance: Undecided
Status: New
** Description changed:
- Some code in liblxc calls sprintf, or doesn't check return values of
- snprintf. Find and fix those.
+ ==
+ SRU Justification:
+ Impact: callers of liblxc
** Changed in: lxc (Ubuntu Precise)
Importance: Undecided = High
** Description changed:
==
SRU Justification:
Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
Stable fix: will be same as development fix
Development fix: Change all
