Fluid Attacks Database

Description

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	lxc	>=0 <1:3.0.3-1	1:3.0.3-1
debian 11	lxc-templates	=3.0.4-5 \|\| =3.0.4.48.g4765da8-1 \|\| =3.0.4.48.g4765da8-2 \|\| =3.0.4.79.g84b0597-1 \|\| =3.0.4.89.gc128b96-1 \|\| =3.0.4.95.g15f7c83-1	-
debian 12	lxc	>=0 <1:3.0.3-1	1:3.0.3-1
debian 12	lxc-templates	=3.0.4.48.g4765da8-1 \|\| =3.0.4.48.g4765da8-1+deb12u1 \|\| =3.0.4.48.g4765da8-2 \|\| =3.0.4.79.g84b0597-1 \|\| =3.0.4.89.gc128b96-1 \|\| =3.0.4.95.g15f7c83-1	-
debian 13	lxc-templates	=3.0.4.89.gc128b96-1 \|\| =3.0.4.95.g15f7c83-1	-
debian 14	lxc-templates	=3.0.4.89.gc128b96-1 \|\| =3.0.4.95.g15f7c83-1	-
debian 14	lxc	>=0 <1:3.0.3-1	1:3.0.3-1
debian 11	lxc	>=0 <1:3.0.3-1	1:3.0.3-1

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.