Description: netfilter: nfnetlink_cthelper: Add missing permission checks
References:
 https://patchwork.kernel.org/patch/10089373/
Notes:
 bwh> This is mitigated in Debian by unprivileged user namespaces being
 bwh> default-disabled.
Bugs:
upstream: released (4.15-rc4) [4b380c42f7d00a395feede754f0bc2292eebe6e5]
4.9-upstream-stable: released (4.9.79) [2c3184ea80322347287bc7e57f782d77f478e73c]
3.16-upstream-stable: released (3.16.52) [fad6474d43e985338e4c2b3bb1a7668cca1f041a]
3.2-upstream-stable: N/A "User namespaces not supported"
sid: released (4.14.7-1) [bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch]
4.9-stretch-security: released (4.9.65-3+deb9u1) [bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch]
3.16-jessie-security: released (3.16.51-3+deb8u1) [bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch]
3.2-wheezy-security: N/A "User namespaces not supported"