APPLIED: [PATCH 0/1][C/D] CVE-2018-6559 - Filename information disclosure in overlayfs
stefan.bader at canonical.com
Thu Nov 8 11:47:18 UTC 2018
On 19.10.18 18:44, Tyler Hicks wrote:
> The overlayfs implementation in the linux (aka Linux kernel) package in Ubuntu
> did not properly check permissions for read operations on directories in the
> lower filesystem directory, which allows local users to obtain names of files
> in which they would not normally be able to access by performing an overlayfs
> mount inside of a user namespace.
> I've tested this change with a QRT regression test that I wrote as well as the
> This issue is related to a portion of CVE-2015-1328 that was reintroduced into
> the Ubuntu kernel. This bug comment describes the situation:
> As mentioned above, I wrote a QRT test for this issue so that we don't
> accidentally drop our SAUCE patch in the future.
Applied to cosmic/master-next. Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the kernel-team