Date: Fri, 5 Jun 2015 17:34:23 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> cc: cve-assign@...re.org, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: Re: Re: CVE request Linux kernel: ns: user namespaces panic +-- On Thu, 4 Jun 2015, cve-assign@...re.org wrote --+ | >> From: ebiederm@...ssion.com (Eric W. Biederman) | >> | >> The core issue is that a unprivileged user could call umount(MNT_DETACH) | >> and in the right circumstances gain access to every file on essentially | >> any filesystem in the mount namespace. | >> | >> e0c9c0afd2fc958ffa34b697972721d81df8a56f mnt: Update detach_mounts to leave mounts connected | >> is the real bug fix that fixes a fairly scary issue. | >> | >> So I believe cd4a40174b71acd021877341684d8bb1dc8ea4ae prevents a | >> difficult to trigger crash if you have | >> e0c9c0afd2fc958ffa34b697972721d81df8a56f applied. | >> | | Use CVE-2015-4176 for the issue fixed in | e0c9c0afd2fc958ffa34b697972721d81df8a56f. This code change is present | in 4.0.2. | | Use CVE-2015-4177 for the issue fixed in | cd4a40174b71acd021877341684d8bb1dc8ea4ae. This code change is not | present in 4.0.2. Ie IIUC, existence of CVE-2015-4177 depends on CVE-2015-4176 being fixed, which in turn depends on commit -> https://git.kernel.org/linus/ce07d891a0891d3c0d0c2d73d577490486b809e1 being present. (...Eric?) -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ