author | Moritz Muehlenhoff <jmm@debian.org> | 2015-07-20 21:15:56 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2015-07-20 21:15:56 +0000 |
commit | eeff0c9a5f1a60293d0a08ca7fe1dc334fcc6b12 | |
tree | df7521fd4559b5db1cb4689fab45e1df89e8b6e3 /retired/CVE-2014-9717 | |
parent | 2e3107df849379ec732c871fa5e165e5f721a0f8 |
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3867 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2014-9717')
-rw-r--r-- | retired/CVE-2014-9717 | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/retired/CVE-2014-9717 b/retired/CVE-2014-9717 new file mode 100644 index 00000000..37baa5c9 --- /dev/null +++ b/retired/CVE-2014-9717 
@@ -0,0 +1,38 @@ +Description: USERNS allows circumventing MNT_LOCKED +References: + http://marc.info/?l=linux-kernel&m=141271552117745&w=2 + https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs + http://www.spinics.net/lists/linux-containers/msg30786.html +Notes: + jmm> Most of the changes from Eric patch series are merged, but not all: + jmm> a3b3c5627c8301ac850962b04f645dfab81e6a60 (1/19) + jmm> e819f152104c9f7c9fe50e1aecce6f5d4bf06d65 (2/19) + jmm> 8318e667f176f7ea34451a1a530634e293f216ac (3/19) + jmm> c003b26ff98ca04a180ff34c38c007a3998d62f9 (4/19) + jmm> 590ce4bcbfb4e0462a720a4ad901e84416080bba (5/19) + jmm> 411a938b5abc9cb126c41cccf5975ae464fe0f3e (6/19) + jmm> 5d88457eb5b86b475422dc882f089203faaeedb5 (7/19) + jmm> 0c56fe31420ca599c90240315f7959bf1b4eb6ce (8/19) + jmm> cd4a40174b71acd021877341684d8bb1dc8ea4ae (9/19) + jmm> 7bdb11de8ee4f4ae195e2fa19efd304e0b36c63b (10/19) + jmm> 6a46c5735c29175da55b2fa9d53775182422cdd7 (11/19) + jmm> 820f9f147dcce2602eefd9b575bbbd9ea14f0953 (12/19) + jmm> ce07d891a0891d3c0d0c2d73d577490486b809e1 (13/19) + jmm> f53e57975151f54ad8caa1b0ac8a78091cd5700a (14/19) + jmm> e0c9c0afd2fc958ffa34b697972721d81df8a56f (15/19) + jmm> But these are not yet: + jmm> http://www.spinics.net/lists/linux-containers/msg30804.html (16/19) + jmm> http://www.spinics.net/lists/linux-containers/msg30798.html (17/19) + jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19) + jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19) + bwh> I think the last four are needed for CVE-2015-2925, not CVE-2014-9717 + jmm> These fixes rely on the fs_pin work by Al Viro +Bugs: +upstream: released (4.1-rc1) [a3b3c5627c8301ac850962b04f645dfab81e6a60^..e0c9c0afd2fc958ffa34b697972721d81df8a56f] +2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5" +sid: released (4.0.2-1) +3.16-jessie-security: ignored "too intrusive to backport" +3.2-wheezy-security: N/A "user namespaces known broken before 3.5" 
+2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5" +3.16-upstream-stable: ignored "too intrusive to backport" +3.2-upstream-stable: N/A "user namespaces known broken before 3.5" |
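Review bot: The status lines `3.16-jessie-security: ignored "too intrusive to backport"` and `3.16-upstream-stable: ignored "too intrusive to backport"` mean this file is retired while the 3.16 branches stay unfixed, and nothing under Notes records that residual exposure or how it is meant to be handled. Consider adding a Notes line that says so explicitly, so a reader of the retired file does not take "retire" to mean every listed branch is fixed. In the same Notes block, the jmm list headed "But these are not yet" (16/19 to 19/19) is left standing next to bwh's comment that the last four belong to CVE-2015-2925; since the upstream range ends at e0c9c0afd2fc958ffa34b697972721d81df8a56f (15/19), a short closing note pointing those four patches at CVE-2015-2925 would make clear that nothing is outstanding for this CVE. It is also unclear which fixes the final "These fixes rely on the fs_pin work by Al Viro" line refers to, and the `Bugs:` field is empty.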