PublicDateAtUSN: 2018-08-06 16:00:00 UTC
Candidate: CVE-2018-6556
CRD: 2018-08-06 16:00:00 UTC
PublicDate: 2018-08-10 15:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
 https://ubuntu.com/security/notices/USN-3730-1
Description:
 lxc-user-nic when asked to delete a network interface will unconditionally
 open a user provided path. This code path may be used by an unprivileged
 user to check for the existence of a path which they wouldn't otherwise be
 able to reach. It may also be used to trigger side effects by causing a
 (read-only) open of special kernel files (ptmx, proc, sys). Affected
 releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions
 above and including 3.0.0, prior to 3.0.2.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
Priority: medium
Discovered-by: Matthias Gerstner
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]


Patches_lxc:
upstream_lxc: needs-triage
precise/esm_lxc: DNE
trusty_lxc: not-affected (1.0.10-0ubuntu1.1)
trusty/esm_lxc: not-affected (1.0.10-0ubuntu1.1)
xenial_lxc: not-affected (2.0.8-0ubuntu1~16.04.2)
esm-infra/xenial_lxc: not-affected (2.0.8-0ubuntu1~16.04.2)
bionic_lxc: released (3.0.1-0ubuntu1~18.04.2)
devel_lxc: released (3.0.1-0ubuntu2)