summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2014-9717
blob: 37baa5c931f0941debad4962e9b9e87dd095d2c4 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

Description: USERNS allows circumventing MNT_LOCKED
References:
 http://marc.info/?l=linux-kernel&m=141271552117745&w=2
 https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
 http://www.spinics.net/lists/linux-containers/msg30786.html
Notes:
 jmm> Most of the changes from Eric patch series are merged, but not all:
 jmm> a3b3c5627c8301ac850962b04f645dfab81e6a60 (1/19)
 jmm> e819f152104c9f7c9fe50e1aecce6f5d4bf06d65 (2/19)
 jmm> 8318e667f176f7ea34451a1a530634e293f216ac (3/19)
 jmm> c003b26ff98ca04a180ff34c38c007a3998d62f9 (4/19)
 jmm> 590ce4bcbfb4e0462a720a4ad901e84416080bba (5/19)
 jmm> 411a938b5abc9cb126c41cccf5975ae464fe0f3e (6/19)
 jmm> 5d88457eb5b86b475422dc882f089203faaeedb5 (7/19)
 jmm> 0c56fe31420ca599c90240315f7959bf1b4eb6ce (8/19)
 jmm> cd4a40174b71acd021877341684d8bb1dc8ea4ae (9/19)
 jmm> 7bdb11de8ee4f4ae195e2fa19efd304e0b36c63b (10/19)
 jmm> 6a46c5735c29175da55b2fa9d53775182422cdd7 (11/19)
 jmm> 820f9f147dcce2602eefd9b575bbbd9ea14f0953 (12/19)
 jmm> ce07d891a0891d3c0d0c2d73d577490486b809e1 (13/19)
 jmm> f53e57975151f54ad8caa1b0ac8a78091cd5700a (14/19)
 jmm> e0c9c0afd2fc958ffa34b697972721d81df8a56f (15/19)
 jmm> But these are not yet:
 jmm> http://www.spinics.net/lists/linux-containers/msg30804.html (16/19)
 jmm> http://www.spinics.net/lists/linux-containers/msg30798.html (17/19)
 jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
 jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
 bwh> I think the last four are needed for CVE-2015-2925, not CVE-2014-9717
 jmm> These fixes rely on the fs_pin work by Al Viro
Bugs:
upstream: released (4.1-rc1) [a3b3c5627c8301ac850962b04f645dfab81e6a60^..e0c9c0afd2fc958ffa34b697972721d81df8a56f]
2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5"
sid: released (4.0.2-1)
3.16-jessie-security: ignored "too intrusive to backport"
3.2-wheezy-security: N/A "user namespaces known broken before 3.5"
2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5"
3.16-upstream-stable: ignored "too intrusive to backport"
3.2-upstream-stable: N/A "user namespaces known broken before 3.5"

© 2014-2024 Faster IT GmbH | imprint | privacy policy