LXC: Remote security bypass A vulnerability in LXC may lead to an unauthorized security bypass. lxc 2017-11-11 2017-11-11: 1 636386 remote 2.0.7 2.0.7

LinuX Containers userspace utilities

Previous versions of lxc-attach ran a shell or the specified command without allocating a pseudo terminal making it vulnerable to input faking via a TIOCSTI ioctl call.

Remote attackers can escape the container and perform unauthorized modifications.

There is no know workaround at this time.

All LXC users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/lxc-2.0.7"
CVE-2016-10124 jmbailey jmbailey