[kernel-sec-discuss] r4071 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jan 1 07:24:46 UTC 2016
Author: carnil
Date: 2016-01-01 07:24:46 +0000 (Fri, 01 Jan 2016)
New Revision: 4071
Added:
active/CVE-2015-8709
Removed:
active/CVE-2015-userns-ptrace-priv-esc
Log:
CVE-2015-8709 assigned
Copied: active/CVE-2015-8709 (from rev 4070, active/CVE-2015-userns-ptrace-priv-esc)
===================================================================
--- active/CVE-2015-8709 (rev 0)
+++ active/CVE-2015-8709 2016-01-01 07:24:46 UTC (rev 4071)
@@ -0,0 +1,15 @@
+Description: privileged process entering userns can be ptraced by userns owner
+References:
+ https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1527374
+ https://lkml.org/lkml/2015/12/25/71
+Notes:
+ bwh> CVE requested at http://www.openwall.com/lists/oss-security/2015/12/17/12
+Bugs:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "Vulnerable code not present"
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: pending (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
+3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
+3.2-wheezy-security: N/A "Vulnerable code not present"
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
Deleted: active/CVE-2015-userns-ptrace-priv-esc
===================================================================
--- active/CVE-2015-userns-ptrace-priv-esc 2015-12-31 14:52:31 UTC (rev 4070)
+++ active/CVE-2015-userns-ptrace-priv-esc 2016-01-01 07:24:46 UTC (rev 4071)
@@ -1,15 +0,0 @@
-Description: privileged process entering userns can be ptraced by userns owner
-References:
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1527374
- https://lkml.org/lkml/2015/12/25/71
-Notes:
- bwh> CVE requested at http://www.openwall.com/lists/oss-security/2015/12/17/12
-Bugs:
-upstream: needed
-3.16-upstream-stable: needed
-3.2-upstream-stable: N/A "Vulnerable code not present"
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: pending (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
-3.16-jessie-security: pending (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
-3.2-wheezy-security: N/A "Vulnerable code not present"
-2.6.32-squeeze-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list