[Bug 1527374] Re: privilege escalation on attach through ptrace

Sat, 19 Dec 2015 03:56:27 -0800 

This bug was fixed in the package linux-lts-vivid - 3.19.0-42.48~14.04.1

---------------
linux-lts-vivid (3.19.0-42.48~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527519

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (3.19.0-42.47) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen-scsiback: safely copy requests
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Luis Henriques <luis.henriq...@canonical.com>  Fri, 18 Dec 2015
09:59:09 +0000

** Changed in: linux-lts-vivid (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8550

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8551

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8552

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8553

** Changed in: linux-lts-vivid (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1527374

Title:
  privilege escalation on attach through ptrace

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1527374/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to