retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3650 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2015-01-16 18:05:42 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2015-01-16 18:05:42 +0000
commit: 9165f6b47349dbe5eb6f4f0b26b427267bb062d0 (patch)
tree: 35b9c4013bf149d9c0aa29ecd513fe736f718f05 /retired/CVE-2014-8989
parent: 5733e189259ef8969019d7216f4531410217edad (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/retired/CVE-2014-8989 b/retired/CVE-2014-8989
new file mode 100644
index 00000000..9f78a08e
--- /dev/null
+++ b/retired/CVE-2014-8989
@@ -0,0 +1,17 @@
+Description: Linux user namespaces can bypass group-based restrictions
+References:
+ http://www.openwall.com/lists/oss-security/2014/11/17/19
+ http://thread.gmane.org/gmane.linux.man/7385/
+ http://lwn.net/Articles/626665/
+ http://lwn.net/Articles/626677/
+Notes:
+ bwh> Mitigated in Debian because by default you need CAP_SYS_ADMIN to
+ bwh> create a new userns.
+Bugs:
+upstream: released (3.19-rc1) [0542f17bf2c1f2430d368f44c8fcf2f82ec9e53e, 273d2c67c3e179adb1e74f403d1e9a06e3f841b5, be7c6dba2332cef0677fbabb606e279ae76652c3, 80dd00a23784b384ccea049bfb3f259d3f973b9d, f95d7918bd1e724675de4940039f2865e5eec5fe, f0d62aec931e4ae3333c797d346dc4f188f454ba, 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8, 66d2f338ee4c449396b6f99f5e75cd18eb6df272, db86da7cb76f797a1a8b445166a15cb922c6ff85]
+2.6.32-upstream-stable: N/A "User namespaces not usable"
+sid: released (3.16.7-ckt4-1)
+3.2-wheezy-security: N/A "User namespaces not usable"
+2.6.32-squeeze-security: N/A "User namespaces not usable"
+3.16-upstream-stable: released (3.16.7-ckt4)
+3.2-upstream-stable: N/A "User namespaces not usable"
author	Moritz Muehlenhoff <jmm@debian.org>	2015-01-16 18:05:42 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2015-01-16 18:05:42 +0000
commit	9165f6b47349dbe5eb6f4f0b26b427267bb062d0 (patch)
tree	35b9c4013bf149d9c0aa29ecd513fe736f718f05 /retired/CVE-2014-8989
parent	5733e189259ef8969019d7216f4531410217edad (diff)