Comment 59 for bug 1476662

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 1.0.7-0ubuntu0.5

lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary host file access and AppArmor
    confinement breakout via lxc-start following symlinks while
    setting up mounts within a malicious container (LP: #1476662).
    - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
      containing symlinks and block bind mounts from relative paths
      containing symlinks. Patch from upstream.
    - CVE-2015-1335

 -- Steve Beattie <email address hidden> Tue, 22 Sep 2015 15:07:00 -0700