[Raring][PATCH 0/5] Fixes for CVE-2013-1959 and CVE-2013-1979

John Johansen john.johansen at canonical.com
Tue Apr 30 20:59:00 UTC 2013


Please pull or apply the following patches

The following changes since commit c9170f3912a16df992e3e9763ebadf7f845f96f4:

  UBUNTU: Ubuntu-3.8.0-19.29 (2013-04-17 12:01:17 -0600)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-raring.git cve-2013-1959

for you to fetch changes up to f76eda62f61ecc9af2b067ff3568bf03c313b9ef:

  userns: Changing any namespace id mappings should require privileges (CVE-2013-1979) (2013-04-30 10:24:02 -0700)

----------------------------------------------------------------
Andy Lutomirski (2):
      userns: Check uid_map's opener's fsuid, not the current fsuid (CVE-2013-1959)
      userns: Changing any namespace id mappings should require privileges (CVE-2013-1979)

Eric W. Biederman (1):
      userns: Don't let unprivileged users trick privileged users into setting the id_map (CVE-2013-1959)

Linus Torvalds (2):
      Add file_ns_capable() helper function for open-time capability checking (CVE-2013-1959)
      net: fix incorrect credentials passing (CVE-2013-1979)

 include/linux/capability.h |  2 ++
 include/net/scm.h          |  4 ++--
 kernel/capability.c        | 24 ++++++++++++++++++++++++
 kernel/user_namespace.c    | 22 +++++++++++++---------
 4 files changed, 41 insertions(+), 11 deletions(-)





More information about the kernel-team mailing list