USN-2451-1: cgmanager vulnerability
6 January 2015
cgmanager could be made to expose sensitive information or devices to containers running on the system.
Releases
Packages
- cgmanager - Central cgroup manager daemon
Details
Serge Hallyn discovered that cgmanager did not consistently enforce
proper nesting when modifying cgroup properties. A local attacker in a
privileged container could use this to set cgroup values for all cgroups.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10
Ubuntu 14.04
After a standard system update you need to reboot your computer to make
all the necessary changes.