ubuntu-translations-coordinators team mailing list archive

[Bug 1547400] [NEW] CVE-2016-2853

 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

When the aufs module is loaded with "modprobe aufs allow_userns", an
unprivileged user can use xattrs on the working directory or an aufs mount
over a fuse mount to create SUID/SGID binaries, thus escalating
privileges. These errors are quite similar to those on overlayfs:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1535150
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1534961

aufs developers have already confirmed and issued a fix:

https://sourceforge.net/p/aufs/mailman/message/34864744/

Specific reproducers can be found at:

http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
InvitedOnly AkgY8iqF

# lsb_release -rd
Description:    Ubuntu 15.10
Release:        15.10

# apt-cache policy linux-image-4.2.0-27-generic
linux-image-4.2.0-27-generic:
  Installed: 4.2.0-27.32
  Candidate: 4.2.0-27.32
  Version table:
 *** 4.2.0-27.32 0
        500 http://archive.ubuntu.com/ubuntu/ wily-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu/ wily-security/main amd64 Packages
        100 /var/lib/dpkg/status

** Affects: ubuntu-translations
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu)
     Importance: Low
         Status: Confirmed

** Affects: linux-armadaxp (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-flo (Ubuntu)
     Importance: Low
         Status: New

** Affects: linux-goldfish (Ubuntu)
     Importance: Low
         Status: New

** Affects: linux-lts-quantal (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-wily (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-xenial (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-mako (Ubuntu)
     Importance: Low
         Status: New

** Affects: linux-manta (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux-raspi2 (Ubuntu)
     Importance: Low
         Status: New

** Affects: linux-snapdragon (Ubuntu)
     Importance: Low
         Status: New

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: Low
         Status: Invalid

** Affects: linux (Ubuntu Precise)
     Importance: Low
         Status: New

** Affects: linux-armadaxp (Ubuntu Precise)
     Importance: Low
         Status: New

** Affects: linux-flo (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-goldfish (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-quantal (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Precise)
     Importance: Low
         Status: New

** Affects: linux-lts-utopic (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-wily (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-xenial (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-mako (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-manta (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-raspi2 (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-snapdragon (Ubuntu Precise)
     Importance: Low
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Precise)
     Importance: Low
         Status: New

** Affects: linux (Ubuntu Trusty)
     Importance: Low
         Status: New

** Affects: linux-armadaxp (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-flo (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-goldfish (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-quantal (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Trusty)
     Importance: Low
         Status: New

** Affects: linux-lts-vivid (Ubuntu Trusty)
     Importance: Low
         Status: New

** Affects: linux-lts-wily (Ubuntu Trusty)
     Importance: Low
         Status: New

** Affects: linux-lts-xenial (Ubuntu Trusty)
     Importance: Low
         Status: New

** Affects: linux-mako (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-manta (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-raspi2 (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-snapdragon (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Trusty)
     Importance: Low
         Status: Invalid

** Affects: linux (Ubuntu Wily)
     Importance: Low
         Status: New

** Affects: linux-armadaxp (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-flo (Ubuntu Wily)
     Importance: Low
         Status: New

** Affects: linux-goldfish (Ubuntu Wily)
     Importance: Low
         Status: New

** Affects: linux-lts-quantal (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-wily (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-xenial (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-mako (Ubuntu Wily)
     Importance: Low
         Status: New

** Affects: linux-manta (Ubuntu Wily)
     Importance: Low
         Status: New

** Affects: linux-raspi2 (Ubuntu Wily)
     Importance: Low
         Status: New

** Affects: linux-snapdragon (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Wily)
     Importance: Low
         Status: Invalid

** Affects: linux (Ubuntu Xenial)
     Importance: Low
         Status: Confirmed

** Affects: linux-armadaxp (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-flo (Ubuntu Xenial)
     Importance: Low
         Status: New

** Affects: linux-goldfish (Ubuntu Xenial)
     Importance: Low
         Status: New

** Affects: linux-lts-quantal (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-wily (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-xenial (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-mako (Ubuntu Xenial)
     Importance: Low
         Status: New

** Affects: linux-manta (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux-raspi2 (Ubuntu Xenial)
     Importance: Low
         Status: New

** Affects: linux-snapdragon (Ubuntu Xenial)
     Importance: Low
         Status: New

** Affects: linux-ti-omap4 (Ubuntu Xenial)
     Importance: Low
         Status: Invalid

** Affects: linux (Ubuntu Yakkety)
     Importance: Low
         Status: Confirmed

** Affects: linux-armadaxp (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-flo (Ubuntu Yakkety)
     Importance: Low
         Status: New

** Affects: linux-goldfish (Ubuntu Yakkety)
     Importance: Low
         Status: New

** Affects: linux-lts-quantal (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-raring (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-saucy (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-trusty (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-utopic (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-vivid (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-wily (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-lts-xenial (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-mako (Ubuntu Yakkety)
     Importance: Low
         Status: New

** Affects: linux-manta (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid

** Affects: linux-raspi2 (Ubuntu Yakkety)
     Importance: Low
         Status: New

** Affects: linux-snapdragon (Ubuntu Yakkety)
     Importance: Low
         Status: New

** Affects: linux-ti-omap4 (Ubuntu Yakkety)
     Importance: Low
         Status: Invalid


** Tags: kernel-cve-skip-description kernel-cve-tracking-bug kernel-da-key
-- 
CVE-2016-2853
https://bugs.launchpad.net/bugs/1547400
You received this bug notification because you are a member of Ubuntu Translations Coordinators, which is subscribed to Ubuntu Translations.
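
A defender-side check for the precondition named in the report (aufs loaded with allow_userns), added here as an example; it is not part of the bug report or of aufs. The function name, the optional root-prefix argument and the sysfs path /sys/module/aufs/parameters/allow_userns are assumptions.

```shell
#!/bin/sh
# Added example: report where aufs has allow_userns enabled.
# Function name and the optional root-prefix argument are hypothetical.

aufs_userns_findings() {
    root="${1:-}"   # empty = live system; otherwise a mounted image or test tree

    # 1. Running module: bool module parameters read back as Y or N in sysfs
    #    (path assumed from the parameter name given in the report).
    param="$root/sys/module/aufs/parameters/allow_userns"
    if [ -r "$param" ]; then
        case "$(cat "$param")" in
            Y|1) echo "loaded: aufs is running with allow_userns enabled" ;;
        esac
    fi

    # 2. Persistent modprobe configuration: "options aufs ... allow_userns".
    #    A bare name or =1/=Y enables the option; =0/=N and comments do not.
    for dir in etc/modprobe.d lib/modprobe.d run/modprobe.d; do
        for f in "$root/$dir"/*.conf; do
            [ -f "$f" ] || continue
            if awk '$1 == "options" && $2 == "aufs" {
                        for (i = 3; i <= NF; i++)
                            if ($i ~ /^allow_userns(=[1yY].*)?$/) found = 1
                    }
                    END { exit !found }' "$f"; then
                echo "config: $f enables allow_userns for aufs"
            fi
        done
    done

    # 3. Kernel command line, which modprobe also consults for module options.
    if [ -r "$root/proc/cmdline" ] &&
       tr ' ' '\n' < "$root/proc/cmdline" |
           grep -Eq '^aufs\.allow_userns(=[1yY].*)?$'; then
        echo "cmdline: aufs.allow_userns is set on the kernel command line"
    fi
}

# No output means none of the three sources enables the option.
aufs_userns_findings "${1:-}"
```

An empty result only covers this one option; whether the installed kernel carries the aufs fix linked in the report has to be checked separately.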