Retire now CVE-2016-157{5,6}

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4623 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 18 insertions, 0 deletions

diff --git a/retired/CVE-2016-1575 b/retired/CVE-2016-1575
new file mode 100644
index 00000000..b3d7a944
--- /dev/null
+++ b/retired/CVE-2016-1575
@@ -0,0 +1,18 @@
+Description: Privilege escalation through userns, overlay mounts and setgid flag
+References:
+ http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
+Notes:
+ bwh> The exploit depends on unprivileged users being able to create user
+ bwh> namespaces (disallowed by default in Debian) and being able to mount
+ bwh> overlayfs within a user namespace (only allowed in Ubuntu).  But it's
+ bwh> possible that an administrator might accidentally set up a
+ bwh> configuration that is exploitable.
+ bwh> jessie is affected by a similar issue with aufs substituting for
+ bwh> overlayfs.
+Bugs:
+upstream: released (4.5-rc1) [e9f57ebcba563e0cd532926cab83c92bb4d79360]
+3.16-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
+3.2-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
+sid: released (4.5.1-1)
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"