oss-security - Re: Security issues in LXC (CVE-2015-1331 and CVE-2015-1334)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Wed, 22 Jul 2015 16:16:57 +0000
From: Fiedler Roman <Roman.Fiedler@....ac.at>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: Serge Hallyn <serge.hallyn@...ntu.com>,
        Stéphane Graber
	<stgraber@...ntu.com>,
        "security@...ntu.com" <security@...ntu.com>,
        "Tyler
 Hicks" <tyhicks@...onical.com>
Subject: Re: Security issues in LXC (CVE-2015-1331 and CVE-2015-1334)

> Von: Tyler Hicks [mailto:tyhicks@...onical.com]
> 
> Two security issues were found in LXC:
> 
> [snip]

To help others discover similar issues, not only in container virtualization
e.g. LXC, Docker, Vserver,  OpenVZ, but also other programs, I've written up
the basic analysis methods used during testing in [1]. Detection examples
for the not yet disclosed vulnerabilities are omitted and will be included
in future release.

Roman

[1] https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.txt (.html)

Download attachment "smime.p7s" of type "application/pkcs7-signature" (6344 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.