Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. (CVE-2016-1581)
Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. (CVE-2016-1582)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "golang-github-lxc-lxd-dev", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxc2", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxd", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxd-client", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxd-client-dbgsym", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxd-dbgsym", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxd-tools", "binary_version": "2.0.2-0ubuntu1~16.04.1" }, { "binary_name": "lxd-tools-dbgsym", "binary_version": "2.0.2-0ubuntu1~16.04.1" } ] }