← Back to team overview

touch-packages team mailing list archive

[Bug 1527374] Re: privilege escalation on attach through ptrace

 

Mitre assigned CVE-2015-8709 for this issue.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8709

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8550

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8551

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8552

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8553

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1527374

Title:
  privilege escalation on attach through ptrace

Status in linux package in Ubuntu:
  Incomplete
Status in linux-armadaxp package in Ubuntu:
  New
Status in linux-flo package in Ubuntu:
  New
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  New
Status in linux-lts-raring package in Ubuntu:
  New
Status in linux-lts-saucy package in Ubuntu:
  New
Status in linux-lts-trusty package in Ubuntu:
  New
Status in linux-lts-utopic package in Ubuntu:
  Fix Released
Status in linux-lts-vivid package in Ubuntu:
  Fix Released
Status in linux-lts-wily package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-raspi2 package in Ubuntu:
  Fix Released
Status in linux-ti-omap4 package in Ubuntu:
  New
Status in lxc package in Ubuntu:
  New
Status in linux source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Incomplete

Bug description:
  A kernel bug in user namespaces allows root in a container to ptrace
  host-root-owned tasks during a window of opportunity during lxc-attach
  / 'lxc exec', before they drop privilege by doing setuid to the
  container root uid.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374/+subscriptions