[ubuntu-hardened] Overlayfs over Fuse Privilege Escalation in USERNS.

Seth Arnold seth.arnold at canonical.com
Tue Mar 1 21:19:03 UTC 2016


On Tue, Mar 01, 2016 at 07:55:37PM +0100, daniel curtis wrote:
> If it is about "Trusty" or "Vivid" etc., releases, the status is: 'Fix
> Released' while for "Precise" it is: 'New' with 'Importance: Medium' (see
> Bug #1534961). There is an Ubuntu Security Notice (USN 2908-4) published on
> February 26, 2016 (more: http://lwn.net/Articles/677951/).
> 
> CVE IDs: CVE-2016-1575 CVE-2016-1576.
> LP: #1534961, #1535150.
> 
> Will there be an update available for "Precise"? If yes, when?

Hello Daniel,

I understand these issues rely upon the USERNS support that was added to
the Linux kernel after the 12.04 LTS kernel; while the underlying bugs are
probably still there, there's no uid mapping or easy way for unprivileged
users to create the mounts in the first place.

I assume they'll be handled at the next regular kernel release; there
may or may not be a mention in a USN depending upon the details of the
issues.

Thanks