Test Kennung:	1.3.6.1.4.1.25623.1.1.13.2019.043.01
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2019-043-01)
Zusammenfassung:	The remote host is missing an update for the 'lxc' package(s) announced via the SSA:2019-043-01 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'lxc' package(s) announced via the SSA:2019-043-01 advisory. Vulnerability Insight: New lxc packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/lxc-2.0.9_d3a03247-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue where a malicious privileged container could overwrite the host binary and thus gain root-level code execution on the host. As the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'lxc' package(s) on Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.