kernel-packages team mailing list archive

Thread
Date

[Bug 1528904] Re: overlay setattr vulnerability

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Thu, 24 Dec 2015 18:08:45 -0000
Reply-to: Bug 1528904 <1528904@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Making this bug public since all the details in this bug are already
public.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8660

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1528904

Title:
  overlay setattr vulnerability

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  http://www.openwall.com/lists/oss-security/2015/12/23/5

  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545

  This allows unprivileged users to change attributes on root-owned
  files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1528904/+subscriptions