diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2017-02-22 11:19:06 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-02-22 11:19:06 +0000 |
commit | 26390e2f7df33a7330cae06d684bc4ac1de5d59b (patch) | |
tree | 0435c90c87af78afafea7e3d25c0139d124adf91 /dsa-texts/3.16.39-1+deb8u1 | |
parent | 0013b9e999ca7c4c959812dce2c04287d585a326 (diff) |
Add descirption for CVE-2017-5551
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4986 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/3.16.39-1+deb8u1')
-rw-r--r-- | dsa-texts/3.16.39-1+deb8u1 | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/dsa-texts/3.16.39-1+deb8u1 b/dsa-texts/3.16.39-1+deb8u1 index 214b3166..8cd89e0f 100644 --- a/dsa-texts/3.16.39-1+deb8u1 +++ b/dsa-texts/3.16.39-1+deb8u1 @@ -42,6 +42,13 @@ CVE-2017-5549 could leak kernel memory, resulting in an information leak. CVE-2017-5551 + + Jan Kara found that changing the POSIX ACL of a file on tmpfs never + cleared its set-group-ID flag, which should be done if the user + changing it is not a member of the group-owner. In some cases, this + would allow the user-owner of an executable to gain the privileges + of the group-owner. + CVE-2017-5897 CVE-2017-5970 CVE-2017-6001 |