USN-3224-1: LXC vulnerability
Ubuntu Security Notice USN-3224-1
9th March, 2017
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
LXC could be made to create arbitrary virtual network interfaces as an administrator.
- lxc - Linux Containers userspace tools
Jann Horn discovered that LXC incorrectly verified permissions when creating
virtual network interfaces. A local attacker could possibly use this issue to
create virtual network interfaces in network namespaces that they do not own.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 16.10:
- lxc-common 2.0.7-0ubuntu1~16.10.2
- Ubuntu 16.04 LTS:
- lxc-common 2.0.7-0ubuntu1~16.04.2
- Ubuntu 14.04 LTS:
- lxc 1.0.9-0ubuntu3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.