[kernel-sec-discuss] r2870 - active retired
Ben Hutchings
benh at alioth.debian.org
Mon Mar 18 03:56:25 UTC 2013
Author: benh
Date: 2013-03-18 03:56:02 +0000 (Mon, 18 Mar 2013)
New Revision: 2870
Added:
retired/CVE-2013-1858
Removed:
active/CVE-2013-1858
Log:
Retire CVE-2013-1858 with an explanation of why it doesn't matter to earlier versions
Deleted: active/CVE-2013-1858
===================================================================
--- active/CVE-2013-1858 2013-03-15 14:32:24 UTC (rev 2869)
+++ active/CVE-2013-1858 2013-03-18 03:56:02 UTC (rev 2870)
@@ -1,10 +0,0 @@
-Description: userns: Don't allow CLONE_NEWUSER | CLONE_FS
-References:
- http://stealth.openwall.net/xSports/clown-newuser.c
-Notes:
-Bugs:
-upstream: pending [e66eded8309ebf679d3d3c1f5820d1f2ca332c71]
-2.6.32-upstream-stable:
-sid:
-2.6.32-squeeze-security:
-3.2-upstream-stable:
Copied: retired/CVE-2013-1858 (from rev 2869, active/CVE-2013-1858)
===================================================================
--- retired/CVE-2013-1858 (rev 0)
+++ retired/CVE-2013-1858 2013-03-18 03:56:02 UTC (rev 2870)
@@ -0,0 +1,12 @@
+Description: userns: Don't allow CLONE_NEWUSER | CLONE_FS
+References:
+ http://stealth.openwall.net/xSports/clown-newuser.c
+Notes:
+ Prior to 3.8, CLONE_NEWUSER required CAP_SYS_ADMIN && CAP_SETUID &&
+ CAP_SETGID, so no privilege escalation is possible.
+Bugs:
+upstream: pending [e66eded8309ebf679d3d3c1f5820d1f2ca332c71]
+2.6.32-upstream-stable: N/A
+sid: N/A
+2.6.32-squeeze-security: N/A
+3.2-upstream-stable: N/A
More information about the kernel-sec-discuss
mailing list