[kernel-sec-discuss] r3867 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Jul 20 21:15:56 UTC 2015


Author: jmm
Date: 2015-07-20 21:15:56 +0000 (Mon, 20 Jul 2015)
New Revision: 3867

Added:
   retired/CVE-2014-9717
Removed:
   active/CVE-2014-9717
Log:
retire


Deleted: active/CVE-2014-9717
===================================================================
--- active/CVE-2014-9717	2015-07-20 21:15:25 UTC (rev 3866)
+++ active/CVE-2014-9717	2015-07-20 21:15:56 UTC (rev 3867)
@@ -1,38 +0,0 @@
-Description: USERNS allows circumventing MNT_LOCKED
-References:
- http://marc.info/?l=linux-kernel&m=141271552117745&w=2
- https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
- http://www.spinics.net/lists/linux-containers/msg30786.html
-Notes:
- jmm> Most of the changes from Eric patch series are merged, but not all:
- jmm> a3b3c5627c8301ac850962b04f645dfab81e6a60 (1/19)
- jmm> e819f152104c9f7c9fe50e1aecce6f5d4bf06d65 (2/19)
- jmm> 8318e667f176f7ea34451a1a530634e293f216ac (3/19)
- jmm> c003b26ff98ca04a180ff34c38c007a3998d62f9 (4/19)
- jmm> 590ce4bcbfb4e0462a720a4ad901e84416080bba (5/19)
- jmm> 411a938b5abc9cb126c41cccf5975ae464fe0f3e (6/19)
- jmm> 5d88457eb5b86b475422dc882f089203faaeedb5 (7/19)
- jmm> 0c56fe31420ca599c90240315f7959bf1b4eb6ce (8/19)
- jmm> cd4a40174b71acd021877341684d8bb1dc8ea4ae (9/19)
- jmm> 7bdb11de8ee4f4ae195e2fa19efd304e0b36c63b (10/19)
- jmm> 6a46c5735c29175da55b2fa9d53775182422cdd7 (11/19)
- jmm> 820f9f147dcce2602eefd9b575bbbd9ea14f0953 (12/19)
- jmm> ce07d891a0891d3c0d0c2d73d577490486b809e1 (13/19)
- jmm> f53e57975151f54ad8caa1b0ac8a78091cd5700a (14/19)
- jmm> e0c9c0afd2fc958ffa34b697972721d81df8a56f (15/19)
- jmm> But these are not yet:
- jmm> http://www.spinics.net/lists/linux-containers/msg30804.html (16/19)
- jmm> http://www.spinics.net/lists/linux-containers/msg30798.html (17/19)
- jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
- jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
- bwh> I think the last four are needed for CVE-2015-2925, not CVE-2014-9717
- jmm> These fixes rely on the fs_pin work by Al Viro
-Bugs:
-upstream: released (4.1-rc1) [a3b3c5627c8301ac850962b04f645dfab81e6a60^..e0c9c0afd2fc958ffa34b697972721d81df8a56f]
-2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5"
-sid: released (4.0.2-1)
-3.16-jessie-security: ignored "too intrusive to backport"
-3.2-wheezy-security: N/A "user namespaces known broken before 3.5"
-2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5"
-3.16-upstream-stable: ignored "too intrusive to backport"
-3.2-upstream-stable: N/A "user namespaces known broken before 3.5"
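Review bot: The entry leaves active/ while the `3.16-jessie-security` and `3.16-upstream-stable` lines are both `ignored "too intrusive to backport"`, so after this move nothing in the active list shows that the 3.16 branches still lack the fix. Before retiring, consider adding a line under Notes that states the retirement is deliberate with 3.16 unfixed and records any mitigation that applies to those branches. The one-word log message "retire" does not carry that reasoning.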

Copied: retired/CVE-2014-9717 (from rev 3866, active/CVE-2014-9717)
===================================================================
--- retired/CVE-2014-9717	                        (rev 0)
+++ retired/CVE-2014-9717	2015-07-20 21:15:56 UTC (rev 3867)
@@ -0,0 +1,38 @@
+Description: USERNS allows circumventing MNT_LOCKED
+References:
+ http://marc.info/?l=linux-kernel&m=141271552117745&w=2
+ https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
+ http://www.spinics.net/lists/linux-containers/msg30786.html
+Notes:
+ jmm> Most of the changes from Eric patch series are merged, but not all:
+ jmm> a3b3c5627c8301ac850962b04f645dfab81e6a60 (1/19)
+ jmm> e819f152104c9f7c9fe50e1aecce6f5d4bf06d65 (2/19)
+ jmm> 8318e667f176f7ea34451a1a530634e293f216ac (3/19)
+ jmm> c003b26ff98ca04a180ff34c38c007a3998d62f9 (4/19)
+ jmm> 590ce4bcbfb4e0462a720a4ad901e84416080bba (5/19)
+ jmm> 411a938b5abc9cb126c41cccf5975ae464fe0f3e (6/19)
+ jmm> 5d88457eb5b86b475422dc882f089203faaeedb5 (7/19)
+ jmm> 0c56fe31420ca599c90240315f7959bf1b4eb6ce (8/19)
+ jmm> cd4a40174b71acd021877341684d8bb1dc8ea4ae (9/19)
+ jmm> 7bdb11de8ee4f4ae195e2fa19efd304e0b36c63b (10/19)
+ jmm> 6a46c5735c29175da55b2fa9d53775182422cdd7 (11/19)
+ jmm> 820f9f147dcce2602eefd9b575bbbd9ea14f0953 (12/19)
+ jmm> ce07d891a0891d3c0d0c2d73d577490486b809e1 (13/19)
+ jmm> f53e57975151f54ad8caa1b0ac8a78091cd5700a (14/19)
+ jmm> e0c9c0afd2fc958ffa34b697972721d81df8a56f (15/19)
+ jmm> But these are not yet:
+ jmm> http://www.spinics.net/lists/linux-containers/msg30804.html (16/19)
+ jmm> http://www.spinics.net/lists/linux-containers/msg30798.html (17/19)
+ jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
+ jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
+ bwh> I think the last four are needed for CVE-2015-2925, not CVE-2014-9717
+ jmm> These fixes rely on the fs_pin work by Al Viro
+Bugs:
+upstream: released (4.1-rc1) [a3b3c5627c8301ac850962b04f645dfab81e6a60^..e0c9c0afd2fc958ffa34b697972721d81df8a56f]
+2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5"
+sid: released (4.0.2-1)
+3.16-jessie-security: ignored "too intrusive to backport"
+3.2-wheezy-security: N/A "user namespaces known broken before 3.5"
+2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5"
+3.16-upstream-stable: ignored "too intrusive to backport"
+3.2-upstream-stable: N/A "user namespaces known broken before 3.5"
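Review bot: The Notes block in the retired copy still reads "But these are not yet:" for patches 16/19 through 19/19, which makes the closed record look as if work is outstanding. Since the bwh note attributes those four to CVE-2015-2925, and the `upstream: released (4.1-rc1)` range already ends at e0c9c0afd2fc958ffa34b697972721d81df8a56f (15/19), consider rewording the jmm lines to say the remaining four are tracked under CVE-2015-2925. The final line, "These fixes rely on the fs_pin work by Al Viro", would also benefit from saying which patches it refers to, the merged fifteen or the last four.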



