Robie Basak discovered that LXD incorrectly set permissions when setting up a loop-based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581)
Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world-readable path in the container directory, including setuid binaries. (CVE-2016-1582)
{
  "binaries": [
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "golang-github-lxc-lxd-dev" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxc2" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxd" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxd-client" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxd-client-dbgsym" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxd-dbgsym" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxd-tools" },
    { "binary_version": "2.0.2-0ubuntu1~16.04.1", "binary_name": "lxd-tools-dbgsym" }
  ],
  "availability": "No subscription required"
}