Test ID:	1.3.6.1.4.1.25623.1.1.13.2019.043.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2019-043-01)
Summary:	The remote host is missing an update for the 'lxc' package(s) announced via the SSA:2019-043-01 advisory.
Description:	Summary: The remote host is missing an update for the 'lxc' package(s) announced via the SSA:2019-043-01 advisory. Vulnerability Insight: New lxc packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/lxc-2.0.9_d3a03247-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue where a malicious privileged container could overwrite the host binary and thus gain root-level code execution on the host. As the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'lxc' package(s) on Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.