mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
populated CVE information for CVE-2018-6553 (cups) and CVE-2018-6556 (lxc)
This commit is contained in:
Emily Ratliff
parent
dde92f3f7d
commit
4abe87e5a0
@ -1,9 +1,57 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ASSIGNER" : "security@ubuntu.com",
|
||||
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
|
||||
"ID" : "CVE-2018-6553",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC",
|
||||
"TITLE": "AppArmor cupsd Sandbox Bypass Due to Use of Hard Links"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "cups",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "<",
|
||||
"platform": "Ubuntu 18.04 LTS",
|
||||
"version_value": "2.2.7-1ubuntu2.1"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"platform": "Ubuntu 17.10",
|
||||
"version_value": "2.2.4-7ubuntu3.1"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"platform": "Ubuntu 16.04 LTS",
|
||||
"version_value": "2.1.3-4ubuntu0.5"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"platform": "Ubuntu 14.04 LTS",
|
||||
"version_value": "1.7.2-0ubuntu1.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Dan Bastone"
|
||||
}
|
||||
],
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
@ -11,8 +59,33 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Escape from sandbox confinement"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-3713-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "https://usn.ubuntu.com/usn/usn-3713-1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "USN-3713-1",
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,9 +1,52 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ASSIGNER" : "security@ubuntu.com",
|
||||
"DATE_PUBLIC" : "2018-08-06T16:00:00.000Z",
|
||||
"ID" : "CVE-2018-6556",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC",
|
||||
"TITLE" : "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "LXC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": ">=",
|
||||
"version_name": "2.0",
|
||||
"version_value": "2.0.9"
|
||||
},
|
||||
{
|
||||
"affected": ">=",
|
||||
"version_name": "3.0",
|
||||
"version_value": "3.0.0"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "3.0",
|
||||
"version_value": "3.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Matthias Gerstner from SUSE"
|
||||
}
|
||||
],
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
@ -11,8 +54,46 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys).\nAffected releases are LXC:\n2.0 versions above and including 2.0.9;\n3.0 versions above and including 3.0.0, prior to 3.0.2."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Incorrect access control"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-3730-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
|
||||
},
|
||||
{
|
||||
"name": "1783591",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
|
||||
},
|
||||
{
|
||||
"name": "988348",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "USN-3730-1",
|
||||
"defect": [
|
||||
"1783591"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user