oss-security - Re: Security issues in LXC (CVE-2015-1331 and CVE-2015-1334)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 23 Jul 2015 04:13:28 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Security issues in LXC (CVE-2015-1331 and CVE-2015-1334)

On Wed, Jul 22, 2015 at 04:16:57PM +0000, Fiedler Roman wrote:
> To help others discover similar issues, not only in container virtualization
> e.g. LXC, Docker, Vserver,  OpenVZ, but also other programs, I've written up
> the basic analysis methods used during testing in [1]. Detection examples
> for the not yet disclosed vulnerabilities are omitted and will be included
> in future release.
> 
> Roman
> 
> [1] https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.txt (.html)

Good stuff!  To have it archived along with oss-security postings, I've
attached a copy of your LxcSecurityAnalysis.txt to this message.

Alexander

View attachment "LxcSecurityAnalysis.txt" of type "text/plain" (15877 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.