Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: lxd-image-server

Found 4 matching suggestions

View:
Compact
Detailed
Dismissed
Permalink CVE-2015-1340
updated 1 month ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month ago
  • @pyrox0 removed
    6 packages
    • python312Packages.pylxd
    • python313Packages.pylxd
    • python314Packages.pylxd
    • terraform-providers.lxd
    • terraform-providers.terraform-lxd_lxd
    • lxd-ui
    1 month ago
  • @LeSuisse dismissed 1 month ago
chmod race in doUidshiftIntoContainer

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

References

Affected products

LXD
  • <0.19-0ubuntu5

Matching in nixpkgs

pkgs.lxd-lts

Daemon based on liblxc offering a REST API to manage containers

pkgs.lxd-unwrapped-lts

Daemon based on liblxc offering a REST API to manage containers

Ignored packages (6)

pkgs.lxd-ui

Web user interface for LXD

Package maintainers

Old issue, current stable was never impacted
Untriaged
Permalink CVE-2024-6156
3.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, …

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

References

Affected products

lxd
  • <5.0.4
  • <4.0.10
  • <5.21.2
  • <6.1

Matching in nixpkgs

pkgs.lxd-image-server

Creates and manages a simplestreams lxd image server on top of nginx

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-6219
3.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, …

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

References

Affected products

lxd
  • <5.21.1

Matching in nixpkgs

pkgs.lxd-image-server

Creates and manages a simplestreams lxd image server on top of nginx

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-49721
6.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
An insecure default to allow UEFI Shell in EDK2 was …

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

References

Affected products

lxd
  • ==0
  • *

Matching in nixpkgs

pkgs.lxd-image-server

Creates and manages a simplestreams lxd image server on top of nginx

  • nixos-unstable -

Package maintainers