mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
73d387f569
a/kernel-firmware-20190212_28f5f7d-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.21-x86_64-1.txz: Upgraded.
ap/lxc-2.0.9_d3a03247-x86_64-1.txz: Upgraded.
This update fixes a security issue where a malicious privileged container
could overwrite the host binary and thus gain root-level code execution on
the host. As the LXC project considers privileged containers to be unsafe
no CVE has been assigned for this issue for LXC. To prevent this attack,
LXC has been patched to create a temporary copy of the calling binary
itself when it starts or attaches to containers. To do this LXC creates an
anonymous, in-memory file using the memfd_create() system call and copies
itself into the temporary in-memory file, which is then sealed to prevent
further modifications. LXC then executes this sealed, in-memory file
instead of the original on-disk binary.
For more information, see:
https://seclists.org/oss-sec/2019/q1/119
(* Security fix *)
d/kernel-headers-4.19.21-x86-1.txz: Upgraded.
k/kernel-source-4.19.21-noarch-1.txz: Upgraded.
l/libbluray-1.1.0-x86_64-1.txz: Upgraded.
l/libcap-2.26-x86_64-2.txz: Rebuilt.
Don't ship static library.
l/xapian-core-1.4.10-x86_64-1.txz: Upgraded.
n/gnupg2-2.2.13-x86_64-1.txz: Upgraded.
n/irssi-1.2.0-x86_64-1.txz: Upgraded.
n/libassuan-2.5.3-x86_64-1.txz: Upgraded.
x/bitmap-1.0.9-x86_64-1.txz: Upgraded.
x/libXau-1.0.9-x86_64-1.txz: Upgraded.
x/pixman-0.38.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
19 lines
955 B
Text
19 lines
955 B
Text
# HOW TO EDIT THIS FILE:
|
|
# The "handy ruler" below makes it easier to edit a package description. Line
|
|
# up the first '|' above the ':' following the base package name, and the '|'
|
|
# on the right side marks the last column you can put a character in. You must
|
|
# make exactly 11 lines for the formatting to be correct. It's also
|
|
# customary to leave one space after the ':'.
|
|
|
|
|-----handy-ruler------------------------------------------------------|
|
|
lxc: lxc (Linux Containers)
|
|
lxc:
|
|
lxc: Linux Containers (LXC) are an operating system-level virtualization
|
|
lxc: method for running multiple isolated server installs (containers) on
|
|
lxc: a single control host. LXC does not provide a virtual machine, but
|
|
lxc: rather provides a virtual environment that has its own process and
|
|
lxc: network space. It is similar to a chroot, but offers more isolation.
|
|
lxc:
|
|
lxc: Daniel Lezcano is the primary developer of lxc.
|
|
lxc:
|
|
lxc: Homepage: https://linuxcontainers.org
|