Debian Lxd vulnerabilities

CVE-2016-1581 [MEDIUM] CVE-2016-1581: lxd - LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when s... LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. Scope: local bookworm: resolved trixie: resolved

CVE-2015-8222 [MEDIUM] CVE-2015-8222: lxd - The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubu... The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. Scope: local bookworm: resolved trixie: resolved

CVE-2015-1340 [HIGH] CVE-2015-1340: lxd - LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod()... LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Scope: local bookworm: resolved trixie: resolved