Ack: [Raring][PATCH 0/5] Fixes for CVE-2013-1959 and CVE-2013-1979
Brad Figg
brad.figg at canonical.com
Tue Apr 30 21:15:25 UTC 2013
On 04/30/2013 01:59 PM, John Johansen wrote:
> Please pull or apply the following patches
>
> The following changes since commit c9170f3912a16df992e3e9763ebadf7f845f96f4:
>
> UBUNTU: Ubuntu-3.8.0-19.29 (2013-04-17 12:01:17 -0600)
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/jj/ubuntu-raring.git cve-2013-1959
>
> for you to fetch changes up to f76eda62f61ecc9af2b067ff3568bf03c313b9ef:
>
> userns: Changing any namespace id mappings should require privileges (CVE-2013-1979) (2013-04-30 10:24:02 -0700)
>
> ----------------------------------------------------------------
> Andy Lutomirski (2):
> userns: Check uid_map's opener's fsuid, not the current fsuid (CVE-2013-1959)
> userns: Changing any namespace id mappings should require privileges (CVE-2013-1979)
>
> Eric W. Biederman (1):
> userns: Don't let unprivileged users trick privileged users into setting the id_map (CVE-2013-1959)
>
> Linus Torvalds (2):
> Add file_ns_capable() helper function for open-time capability checking (CVE-2013-1959)
> net: fix incorrect credentials passing (CVE-2013-1979)
>
> include/linux/capability.h | 2 ++
> include/net/scm.h | 4 ++--
> kernel/capability.c | 24 ++++++++++++++++++++++++
> kernel/user_namespace.c | 22 +++++++++++++---------
> 4 files changed, 41 insertions(+), 11 deletions(-)
>
>
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
More information about the kernel-team
mailing list