[Raring][PATCH 0/5] Fixes for CVE-2013-1959 and CVE-2013-1979
John Johansen
john.johansen at canonical.com
Tue Apr 30 20:59:00 UTC 2013
Please pull or apply the following patches
The following changes since commit c9170f3912a16df992e3e9763ebadf7f845f96f4:
UBUNTU: Ubuntu-3.8.0-19.29 (2013-04-17 12:01:17 -0600)
are available in the git repository at:
git://kernel.ubuntu.com/jj/ubuntu-raring.git cve-2013-1959
for you to fetch changes up to f76eda62f61ecc9af2b067ff3568bf03c313b9ef:
userns: Changing any namespace id mappings should require privileges (CVE-2013-1979) (2013-04-30 10:24:02 -0700)
----------------------------------------------------------------
Andy Lutomirski (2):
userns: Check uid_map's opener's fsuid, not the current fsuid (CVE-2013-1959)
userns: Changing any namespace id mappings should require privileges (CVE-2013-1979)
Eric W. Biederman (1):
userns: Don't let unprivileged users trick privileged users into setting the id_map (CVE-2013-1959)
Linus Torvalds (2):
Add file_ns_capable() helper function for open-time capability checking (CVE-2013-1959)
net: fix incorrect credentials passing (CVE-2013-1979)
include/linux/capability.h | 2 ++
include/net/scm.h | 4 ++--
kernel/capability.c | 24 ++++++++++++++++++++++++
kernel/user_namespace.c | 22 +++++++++++++---------
4 files changed, 41 insertions(+), 11 deletions(-)
More information about the kernel-team
mailing list