author | Salvatore Bonaccorso <carnil@debian.org> | 2018-01-02 11:38:16 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-01-02 11:38:16 +0100 |
commit | b2cfa1f1b22cd89043ce35c412b1dccccc1ede05 (patch) | |
tree | 10dd9c5fd85c930c4fe7e5566677039ecaf774b2 /retired/CVE-2015-8709 | |
parent | 65d12351228b56399a851015a64b412cecacfbde (diff) |
Retire CVE-2015-8709
Diffstat (limited to 'retired/CVE-2015-8709')
-rw-r--r-- | retired/CVE-2015-8709 | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/retired/CVE-2015-8709 b/retired/CVE-2015-8709 new file mode 100644 index 00000000..855cfe92 --- /dev/null +++ b/retired/CVE-2015-8709 @@ -0,0 +1,25 @@ +Description: privileged process entering userns can be ptraced by userns owner +References: + https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1527374 + https://lkml.org/lkml/2015/12/25/71 +Notes: + bwh> CVE requested at http://www.openwall.com/lists/oss-security/2015/12/17/12 + bwh> This was initially rejected as an upstream kernel bug, but I believe it + bwh> was eventually fixed upstream as noted below. + bwh> Dependencies: + bwh> 3dfb7d8cdbc7 security: let security modules use PTRACE_MODE_* with bitmasks + bwh> caaee6234d05 ptrace: use fsuid, fsgid, effective creds for fs access checks + bwh> Related: + bwh> 64b875f7ac8a ptrace: Capture the ptracer's creds not PT_PTRACE_CAP + bwh> 84d77d3f06e7 ptrace: Don't allow accessing an undumpable mm + bwh> f84df2a6f268 exec: Ensure mm->user_ns contains the execed files + bwh> 613cc2b6f272 fs: exec: apply CLOEXEC before changing dumpable task flags +Bugs: +upstream: released (4.10-rc1) [bfedb589252c01fa505ac9f6f2a3d5d68d707ef4] +4.9-upstream-stable: released (4.9.1) [694a95fa6dae4991f16cda333d897ea063021fed] +3.16-upstream-stable: released (3.16.52) [d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12] +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch] +3.2-wheezy-security: N/A "Vulnerable code not present" |
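Review bot: The status lines for sid (4.3.3-3) and 3.16-jessie-security (3.16.7-ckt20-1+deb8u2) cite the carried patch bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch, while the upstream line cites bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 in 4.10-rc1, and nothing in the file says how the two relate. The bwh> notes only say the issue "was eventually fixed upstream as noted below". Before retiring, consider adding one Notes line stating whether the Debian patch is the same change as the upstream commit or an earlier variant that the upstream fix supersedes. It would also help to record whether the commits listed under Dependencies (3dfb7d8cdbc7, caaee6234d05) were needed for the 3.16.52 and 4.9.1 stable backports, so the retired record can be audited without going back to the mailing-list threads. As a minor point, the CVE request URL sits inside a bwh> note as an http:// link and could be moved under References next to the Launchpad and lkml entries.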