lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open arbitrary files


Debian Bug report logs - #905586
lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open arbitrary files


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 6 Aug 2018 17:12:02 UTC

Severity: grave

Tags: patch, security, upstream

Found in version lxc/1:2.0.9-1

Fixed in version lxc/1:2.0.9-6.1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Mon, 06 Aug 2018 17:12:04 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Mon, 06 Aug 2018 17:12:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open arbitrary files
Date: Mon, 06 Aug 2018 19:08:37 +0200
Source: lxc
Version: 1:2.0.9-1
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591

Hi,

The following vulnerability was published for lxc.

CVE-2018-6556[0]:
lxc-user-nic allows unprivileged users to open arbitrary files

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6556
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
[1] https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
[2] https://lists.linuxcontainers.org/pipermail/lxc-devel/2018-August/018336.html

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Mon, 13 Aug 2018 23:18:02 GMT) (full text, mbox, link).


Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Mon, 13 Aug 2018 23:18:02 GMT) (full text, mbox, link).


Message #10 received at 905586@bugs.debian.org (full text, mbox, reply):

From: Simon McVittie <smcv@debian.org>
To: 905586@bugs.debian.org
Subject: Re: Bug#905586: lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open arbitrary files
Date: Tue, 14 Aug 2018 00:14:30 +0100
[Message part 1 (text/plain, inline)]
On Mon, 06 Aug 2018 at 19:08:37 +0200, Salvatore Bonaccorso wrote:
> Forwarded: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591

Patches from the upstream bug for the 2.0 branch:
https://launchpadlibrarian.net/381944814/0001-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch
https://launchpadlibrarian.net/380888109/stable-2.0-lxc-user-nic-verify-file-descriptor.patch
also attached.

    smcv
[0001-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch (text/x-diff, attachment)]
[stable-2.0-lxc-user-nic-verify-file-descriptor.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Thu, 30 Aug 2018 20:09:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Thu, 30 Aug 2018 20:09:03 GMT) (full text, mbox, link).


Message #15 received at 905586@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 905586@bugs.debian.org
Subject: lxc: diff for NMU version 1:2.0.9-6.1
Date: Thu, 30 Aug 2018 22:06:15 +0200
[Message part 1 (text/plain, inline)]
Control: tags 905586 + pending


Dear maintainer,

I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer. Note that the two patches, while addressing the
issue, still would allow testing for the existence of files, but this was
afaics not addressed explicitly.

Regards,
Salvatore
[lxc-2.0.9-6.1-nmu.diff (text/x-diff, attachment)]
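Added example, not code from the lxc patches or from the Debian upload: a check of the kind the "verify netns fd in lxc-user-nic" change adds, written so that a missing path and a non-namespace path look the same to the caller, which is the residual existence test noted above. The helper names is_netns_fd and open_verified_netns are hypothetical; the code assumes Linux with the nsfs pseudo-filesystem and the NS_GET_NSTYPE ioctl (kernel 4.11 or later).

```c
/* Hypothetical helpers, not lxc's own code: accept a caller-supplied
 * path only if the opened descriptor really is a network namespace. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <sys/ioctl.h>
#include <sys/vfs.h>
#include <unistd.h>
#include <linux/magic.h>

#ifndef NSFS_MAGIC
#define NSFS_MAGIC 0x6e736673          /* older linux/magic.h lacks it */
#endif
#ifndef NS_GET_NSTYPE
#define NS_GET_NSTYPE _IO(0xb7, 0x3)   /* from linux/nsfs.h, kernel 4.11+ */
#endif

/* Returns 1 if fd is a network-namespace handle, 0 otherwise. */
int is_netns_fd(int fd)
{
	struct statfs sb;

	if (fd < 0)
		return 0;
	/* Namespace handles live on the nsfs pseudo-filesystem; a regular
	 * file, a device node or a /proc entry fails here. */
	if (fstatfs(fd, &sb) < 0 || sb.f_type != NSFS_MAGIC)
		return 0;
	/* pid, mount and user namespaces are also on nsfs: require net. */
	return ioctl(fd, NS_GET_NSTYPE) == CLONE_NEWNET;
}

/* Open path and keep the descriptor only if it is a netns. Both
 * "no such file" and "not a namespace" collapse to -1 with errno
 * set to EINVAL, so the caller cannot use the result to probe for the
 * existence of arbitrary paths. The open() itself still happens, so a
 * setuid helper should additionally restrict which paths it accepts;
 * O_NOCTTY avoids acquiring a controlling terminal on a tty path. */
int open_verified_netns(const char *path)
{
	int fd = open(path, O_RDONLY | O_CLOEXEC | O_NOCTTY);

	if (fd >= 0 && is_netns_fd(fd))
		return fd;
	if (fd >= 0)
		close(fd);
	errno = EINVAL;
	return -1;
}
```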

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 905586-submit@bugs.debian.org. (Thu, 30 Aug 2018 20:09:03 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Fri, 31 Aug 2018 11:36:03 GMT) (full text, mbox, link).


Acknowledgement sent to Antonio Terceiro <terceiro@debian.org>:
Extra info received and forwarded to list. Copy sent to pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Fri, 31 Aug 2018 11:36:03 GMT) (full text, mbox, link).


Message #22 received at 905586@bugs.debian.org (full text, mbox, reply):

From: Antonio Terceiro <terceiro@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 905586@bugs.debian.org
Subject: Re: Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Date: Fri, 31 Aug 2018 08:14:57 -0300
[Message part 1 (text/plain, inline)]
On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote:
> Control: tags 905586 + pending
> 
> 
> Dear maintainer,
> 
> I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and
> uploaded it to DELAYED/5.

Thanks!

> Please feel free to tell me if I should delay it longer.

on the contrary: please feel free to make it an immediate upload. I will
import your diff in the git repository
[signature.asc (application/pgp-signature, inline)]

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 31 Aug 2018 12:39:05 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 31 Aug 2018 12:39:06 GMT) (full text, mbox, link).


Message #27 received at 905586-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 905586-close@bugs.debian.org
Subject: Bug#905586: fixed in lxc 1:2.0.9-6.1
Date: Fri, 31 Aug 2018 12:34:12 +0000
Source: lxc
Source-Version: 1:2.0.9-6.1

We believe that the bug you reported is fixed in the latest version of
lxc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 905586@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated lxc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Aug 2018 15:22:46 +0200
Source: lxc
Binary: lxc lxc-dev lxc-tests liblxc1 python3-lxc lua-lxc
Architecture: source
Version: 1:2.0.9-6.1
Distribution: unstable
Urgency: medium
Maintainer: pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 905586
Description: 
 liblxc1    - Linux Containers userspace tools (library)
 lua-lxc    - Linux Containers userspace tools (Lua bindings)
 lxc        - Linux Containers userspace tools
 lxc-dev    - Linux Containers userspace tools (development)
 lxc-tests  - Linux Containers userspace tools (test binaries)
 python3-lxc - Linux Containers userspace tools (Python 3.x bindings)
Changes:
 lxc (1:2.0.9-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * utils: add LXC_PROC_PID_FD_LEN
   * CVE 2018-6556: verify netns fd in lxc-user-nic (Closes: #905586)





Information forwarded to debian-bugs-dist@lists.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Fri, 31 Aug 2018 12:45:04 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Fri, 31 Aug 2018 12:45:05 GMT) (full text, mbox, link).


Message #32 received at 905586@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Antonio Terceiro <terceiro@debian.org>, 905586@bugs.debian.org
Subject: Re: Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Date: Fri, 31 Aug 2018 14:42:15 +0200
[Message part 1 (text/plain, inline)]
Hi Antonio,

On Fri, Aug 31, 2018 at 08:14:57AM -0300, Antonio Terceiro wrote:
> On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote:
> > Control: tags 905586 + pending
> > 
> > 
> > Dear maintainer,
> > 
> > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and
> > uploaded it to DELAYED/5.
> 
> Thanks!
> 
> > Please feel free to tell me if I should delay it longer.
> 
> on the contrary: please feel free to make it an immediate upload. I will
> import your diff in the git repository

Thank you, I have just rescheduled it.

If you prefer to have the single commits, they are attached to this
mail. I realize you probably would have preferred a proper merge
request, but I did not start working from the salsa repo but from a
gbp import-dsc git repo.

Regards,
Salvatore
[0001-utils-add-LXC_PROC_PID_FD_LEN.patch (text/x-diff, attachment)]
[0002-CVE-2018-6556-verify-netns-fd-in-lxc-user-nic.patch (text/x-diff, attachment)]
[0003-Prepare-changelog-for-release.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Fri, 31 Aug 2018 19:12:07 GMT) (full text, mbox, link).


Acknowledgement sent to Antonio Terceiro <terceiro@debian.org>:
Extra info received and forwarded to list. Copy sent to pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Fri, 31 Aug 2018 19:12:07 GMT) (full text, mbox, link).


Message #37 received at 905586@bugs.debian.org (full text, mbox, reply):

From: Antonio Terceiro <terceiro@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 905586@bugs.debian.org
Subject: Re: Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Date: Fri, 31 Aug 2018 16:07:56 -0300
[Message part 1 (text/plain, inline)]
On Fri, Aug 31, 2018 at 02:42:15PM +0200, Salvatore Bonaccorso wrote:
> Hi Antonio,
> 
> On Fri, Aug 31, 2018 at 08:14:57AM -0300, Antonio Terceiro wrote:
> > On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote:
> > > Control: tags 905586 + pending
> > > 
> > > 
> > > Dear maintainer,
> > > 
> > > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and
> > > uploaded it to DELAYED/5.
> > 
> > Thanks!
> > 
> > > Please feel free to tell me if I should delay it longer.
> > 
> > on the contrary: please feel free to make it an immediate upload. I will
> > import your diff in the git repository
> 
> Thank you, I have just rescheduled it.
> 
> If you prefer to have the single commits, they are attached to this
> mail. I realize you probably would have preferred a proper merge
> request, but I did not start working from the salsa repo but from a
> gbp import-dsc git repo.

I had already applied the original diff that you posted before I
replied.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>:
Bug#905586; Package src:lxc. (Fri, 31 Aug 2018 19:27:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>. (Fri, 31 Aug 2018 19:27:03 GMT) (full text, mbox, link).


Message #42 received at 905586@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Antonio Terceiro <terceiro@debian.org>
Cc: 905586@bugs.debian.org
Subject: Re: Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Date: Fri, 31 Aug 2018 21:24:20 +0200
Hi Antonio,

On Fri, Aug 31, 2018 at 04:07:56PM -0300, Antonio Terceiro wrote:
> On Fri, Aug 31, 2018 at 02:42:15PM +0200, Salvatore Bonaccorso wrote:
> > Hi Antonio,
> > 
> > On Fri, Aug 31, 2018 at 08:14:57AM -0300, Antonio Terceiro wrote:
> > > On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote:
> > > > Control: tags 905586 + pending
> > > > 
> > > > 
> > > > Dear maintainer,
> > > > 
> > > > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and
> > > > uploaded it to DELAYED/5.
> > > 
> > > Thanks!
> > > 
> > > > Please feel free to tell me if I should delay it longer.
> > > 
> > > on the contrary: please feel free to make it an immediate upload. I will
> > > import your diff in the git repository
> > 
> > Thank you, I have just rescheduled it.
> > 
> > If you prefer to have the single commits, they are attached to this
> > mail. I realize you probably would have preferred a proper merge
> > request, but I did not start working from the salsa repo but from a
> > gbp import-dsc git repo.
> 
> I had already applied the original diff that you posted before I
> replied.

Perfect, thanks a lot!

Regards,
Salvatore



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 29 Sep 2018 07:29:43 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:21:05 2019; Machine Name: buxtehude
