Ubuntu 15.10 / 16.04 LTS : lxd vulnerabilities (USN-2988-1)
Low Nessus Plugin ID 91424
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionRobie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581)
Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. (CVE-2016-1582).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected lxd package.