kernel-packages team mailing list archive

Thread
Date

[Bug 1527374] Re: CVE-2015-8709

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Steve Beattie <sbeattie@xxxxxxxxxx>
Date: Wed, 11 May 2016 18:23:37 -0000
Reply-to: Bug 1527374 <1527374@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

  ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1
  mishandles uid and gid mappings, which allows local users to gain
  privileges by establishing a user namespace, waiting for a root process
  to enter that namespace with an unsafe uid or gid, and then using the
  ptrace system call.  NOTE: the vendor states "there is no kernel bug
  here."
+ 
+ Break-Fix: - local-2015-8709

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1527374

Title:
  CVE-2015-8709

Status in linux package in Ubuntu:
  Fix Released
Status in linux-armadaxp package in Ubuntu:
  Confirmed
Status in linux-flo package in Ubuntu:
  Confirmed
Status in linux-goldfish package in Ubuntu:
  Confirmed
Status in linux-lts-quantal package in Ubuntu:
  Won't Fix
Status in linux-lts-raring package in Ubuntu:
  Won't Fix
Status in linux-lts-saucy package in Ubuntu:
  Won't Fix
Status in linux-lts-utopic package in Ubuntu:
  Fix Released
Status in linux-lts-vivid package in Ubuntu:
  Fix Released
Status in linux-lts-wily package in Ubuntu:
  Fix Released
Status in linux-lts-xenial package in Ubuntu:
  New
Status in linux-mako package in Ubuntu:
  Confirmed
Status in linux-manta package in Ubuntu:
  Confirmed
Status in linux-raspi2 package in Ubuntu:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  New
Status in linux-ti-omap4 package in Ubuntu:
  Confirmed
Status in lxc package in Ubuntu:
  Confirmed
Status in linux source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1
  mishandles uid and gid mappings, which allows local users to gain
  privileges by establishing a user namespace, waiting for a root
  process to enter that namespace with an unsafe uid or gid, and then
  using the ptrace system call.  NOTE: the vendor states "there is no
  kernel bug here."

  Break-Fix: - local-2015-8709

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374/+subscriptions