kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #152393
[Bug 1527374] Re: privilege escalation on attach through ptrace
This bug was fixed in the package linux-lts-wily - 4.2.0-22.27~14.04.1
---------------
linux-lts-wily (4.2.0-22.27~14.04.1) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1527538
[ Jann Horn ]
* ptrace: being capable wrt a process requires mapped uids/gids
- LP: #1527374
linux (4.2.0-22.26) wily; urgency=low
[ Upstream Kernel Changes ]
* xen: Add RING_COPY_REQUEST()
- CVE-2015-8550
* xen-netback: don't use last request to determine minimum Tx credit
- CVE-2015-8550
* xen-netback: use RING_COPY_REQUEST() throughout
- CVE-2015-8550
* xen-blkback: only read request operation from shared ring once
- CVE-2015-8550
* xen-blkback: read from indirect descriptors only once
- CVE-2015-8550
* xen-scsiback: safely copy requests
- CVE-2015-8550
* xen/pciback: Save xen_pci_op commands before processing it
- CVE-2015-8550
* xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
or MSI-X enabled
- CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
* xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
or MSI-X enabled
- CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
* xen/pciback: Do not install an IRQ handler for MSI interrupts.
- CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
* xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
MSI(X) enabled.
- CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
* xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
- CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Fri, 18 Dec 2015
10:27:07 +0000
** Changed in: linux-lts-wily (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1527374
Title:
privilege escalation on attach through ptrace
Status in linux package in Ubuntu:
Incomplete
Status in linux-armadaxp package in Ubuntu:
New
Status in linux-flo package in Ubuntu:
New
Status in linux-goldfish package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
New
Status in linux-lts-raring package in Ubuntu:
New
Status in linux-lts-saucy package in Ubuntu:
New
Status in linux-lts-trusty package in Ubuntu:
New
Status in linux-lts-utopic package in Ubuntu:
Fix Released
Status in linux-lts-vivid package in Ubuntu:
Fix Released
Status in linux-lts-wily package in Ubuntu:
Fix Released
Status in linux-mako package in Ubuntu:
New
Status in linux-manta package in Ubuntu:
New
Status in linux-raspi2 package in Ubuntu:
Fix Released
Status in linux-ti-omap4 package in Ubuntu:
New
Status in lxc package in Ubuntu:
New
Status in lxd package in Ubuntu:
New
Status in linux source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Vivid:
Fix Released
Status in linux source package in Wily:
Fix Released
Status in linux source package in Xenial:
Incomplete
Bug description:
A kernel bug in user namespaces allows root in a container to ptrace
host-root-owned tasks during a window of opportunity during lxc-attach
/ 'lxc exec', before they drop privilege by doing setuid to the
container root uid.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374/+subscriptions