GLSA-201808-02 : LinuX Containers user space utilities: Arbitrary file read
Low Nessus Plugin ID 112076
SynopsisThe remote Gentoo host is missing one or more security-related
DescriptionThe remote host is affected by the vulnerability described in GLSA-201808-02
(LinuX Containers user space utilities: Arbitrary file read)
lxc-user-nic when asked to delete a network interface will
unconditionally open a user provided path. This code path may be used by
an unprivileged user to check for the existence of a path which they
wouldn’t otherwise be able to reach.
A local unprivileged user could use this flaw to access arbitrary files,
including special device files.
There is no known workaround at this time.
SolutionAll LXC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/lxc-2.1.1-r1'