[kernel-sec-discuss] r4986 - dsa-texts
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Feb 22 11:19:06 UTC 2017
Author: carnil
Date: 2017-02-22 11:19:06 +0000 (Wed, 22 Feb 2017)
New Revision: 4986
Modified:
dsa-texts/3.16.39-1+deb8u1
Log:
Add description for CVE-2017-5551
Modified: dsa-texts/3.16.39-1+deb8u1
===================================================================
--- dsa-texts/3.16.39-1+deb8u1 2017-02-22 10:37:52 UTC (rev 4985)
+++ dsa-texts/3.16.39-1+deb8u1 2017-02-22 11:19:06 UTC (rev 4986)
@@ -42,6 +42,13 @@
could leak kernel memory, resulting in an information leak.
CVE-2017-5551
+
+ Jan Kara found that changing the POSIX ACL of a file on tmpfs never
+ cleared its set-group-ID flag, which should be done if the user
+ changing it is not a member of the group-owner. In some cases, this
+ would allow the user-owner of an executable to gain the privileges
+ of the group-owner.
+
CVE-2017-5897
CVE-2017-5970
CVE-2017-6001
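Review bot: In the added CVE-2017-5551 paragraph, "a member of the group-owner" and "the user-owner of an executable" are awkward; "not a member of the owning group" and "the owner of an executable" would read better. "In some cases" also leaves the precondition unstated, although the previous sentence already implies it: the owner of the file is not a member of its group and the file keeps its set-group-ID flag after the ACL change. Stating that directly would let readers judge their exposure on tmpfs. The context lines also show CVE-2017-5897, CVE-2017-5970 and CVE-2017-6001 still listed without any text, so those entries need descriptions before this DSA text is complete.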