CVE-2016-1582

Published: 31 May 2016

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
lxd Launchpad, Ubuntu, Debian	upstream	Needs triage
	precise	Does not exist
	trusty	Does not exist
	wily	Released (0.20-0ubuntu4.2)
	xenial	Released (2.0.2-0ubuntu1~16.04.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1582
https://ubuntu.com/security/notices/USN-2988-1
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1584230

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›