NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a39116b5db
kumquat-buildroot/package/lxc/lxc.hash
Fabrice Fontaine cd7bfba252 package/lxc: security bump to version 5.0.2 
- Fix CVE-2022-47952: lxc-user-nic in lxc through 5.0.1 is installed
  setuid root, and may allow local users to infer whether any file
  exists, even within a protected directory tree, because "Failed to
  open" often indicates that a file does not exist, whereas "does not
  refer to a network namespace path" often indicates that a file exists.
  NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556
  fix design was based on the premise that "we will report back to the
  user that the open() failed but the user has no way of knowing why it
  failed"; however, in many realistic cases, there are no plausible
  reasons for failing except that the file does not exist.
- Drop patches (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-01-26 17:08:23 +01:00

5 lines
289 B
Plaintext
Raw Blame History

# Locally calculated
sha256 bea08d2e49efcee34fa58acd2bc95c0adc64d291c07f4cfaf4ac1d8ac5a36f45 lxc-5.0.2.tar.gz
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 LICENSE.GPL2
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 LICENSE.LGPL2.1
Reference in New Issue View Git Blame Copy Permalink