CVE-2015-8709

Bug #1527374 reported by Serge Hallyn on 2015-12-17
280
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Nominated for Yakkety by Steve Beattie
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-armadaxp (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-flo (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-goldfish (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-raring (Ubuntu)
Medium
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-saucy (Ubuntu)
Medium
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-trusty (Ubuntu)
Precise
Medium
Unassigned
linux-lts-utopic (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-vivid (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-wily (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-lts-xenial (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-mako (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-manta (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-raspi2 (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-snapdragon (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
linux-ti-omap4 (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie
lxc (Ubuntu)
Undecided
Unassigned
Nominated for Yakkety by Steve Beattie

Bug Description

** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here."

Break-Fix: - local-2015-8709

Serge Hallyn (serge-hallyn) wrote :

The kernel patch to fix this is at https://lkml.org/lkml/2015/12/12/259

Brad Figg (brad-figg) on 2015-12-17
no longer affects: lxd (Ubuntu Xenial)
no longer affects: lxd (Ubuntu Wily)
no longer affects: lxd (Ubuntu Vivid)
no longer affects: lxd (Ubuntu Trusty)
no longer affects: lxc (Ubuntu Xenial)
no longer affects: lxc (Ubuntu Wily)
no longer affects: lxc (Ubuntu Vivid)
no longer affects: lxc (Ubuntu Trusty)
Brad Figg (brad-figg) on 2015-12-17
no longer affects: lxd (Ubuntu Precise)
no longer affects: lxc (Ubuntu Precise)
no longer affects: linux-lts-wily (Ubuntu Precise)
no longer affects: linux-lts-vivid (Ubuntu Precise)
no longer affects: linux-lts-utopic (Ubuntu Precise)
Steve Beattie (sbeattie) on 2015-12-17
Changed in linux-lts-trusty (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Wily):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Vivid):
importance: Undecided → Medium
description: updated
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.2.0-22.27

---------------
linux (4.2.0-22.27) wily; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527391

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (4.2.0-22.26) wily; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen-scsiback: safely copy requests
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Kamal Mostafa <email address hidden> Thu, 17 Dec 2015 12:54:53 -0800

Changed in linux (Ubuntu Wily):
status: New → Fix Released
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.19.0-42.48

---------------
linux (3.19.0-42.48) vivid; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527393

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (3.19.0-42.47) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen-scsiback: safely copy requests
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Kamal Mostafa <email address hidden> Thu, 17 Dec 2015 13:03:51 -0800

Changed in linux (Ubuntu Vivid):
status: New → Fix Released
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-74.118

---------------
linux (3.13.0-74.118) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527404

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (3.13.0-74.117) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Kamal Mostafa <email address hidden> Thu, 17 Dec 2015 13:06:31 -0800

Changed in linux (Ubuntu Trusty):
status: New → Fix Released
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-utopic - 3.16.0-57.77~14.04.1

---------------
linux-lts-utopic (3.16.0-57.77~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527409

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux-lts-utopic (3.16.0-57.76~14.04.1) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Kamal Mostafa <email address hidden> Thu, 17 Dec 2015 15:01:30 -0800

Changed in linux-lts-utopic (Ubuntu):
status: New → Fix Released
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-trusty - 3.13.0-74.118~precise1

---------------
linux-lts-trusty (3.13.0-74.118~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527467

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (3.13.0-74.117) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Luis Henriques <email address hidden> Fri, 18 Dec 2015 10:10:21 +0000

Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-raspi2 - 4.2.0-1017.24

---------------
linux-raspi2 (4.2.0-1017.24) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1527537
  * rebased on Ubuntu-4.2.0-21.25

  [ Ubuntu: 4.2.0-22.27 ]

  * Release Tracking Bug
    - LP: #1527391
  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

  [ Ubuntu: 4.2.0-22.26 ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen-scsiback: safely copy requests
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Luis Henriques <email address hidden> Fri, 18 Dec 2015 10:37:58 +0000

Changed in linux-raspi2 (Ubuntu):
status: New → Fix Released
status: New → Fix Released
information type: Private Security → Public Security
tags: added: patch

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1527374

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete

This bug was fixed in the package linux-lts-vivid - 3.19.0-42.48~14.04.1

---------------
linux-lts-vivid (3.19.0-42.48~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527519

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (3.19.0-42.47) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen-scsiback: safely copy requests
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Luis Henriques <email address hidden> Fri, 18 Dec 2015 09:59:09 +0000

Changed in linux-lts-vivid (Ubuntu):
status: New → Fix Released
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-wily - 4.2.0-22.27~14.04.1

---------------
linux-lts-wily (4.2.0-22.27~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1527538

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

linux (4.2.0-22.26) wily; urgency=low

  [ Upstream Kernel Changes ]

  * xen: Add RING_COPY_REQUEST()
    - CVE-2015-8550
  * xen-netback: don't use last request to determine minimum Tx credit
    - CVE-2015-8550
  * xen-netback: use RING_COPY_REQUEST() throughout
    - CVE-2015-8550
  * xen-blkback: only read request operation from shared ring once
    - CVE-2015-8550
  * xen-blkback: read from indirect descriptors only once
    - CVE-2015-8550
  * xen-scsiback: safely copy requests
    - CVE-2015-8550
  * xen/pciback: Save xen_pci_op commands before processing it
    - CVE-2015-8550
  * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI
    or MSI-X enabled
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Do not install an IRQ handler for MSI interrupts.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553
  * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
    - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553

 -- Luis Henriques <email address hidden> Fri, 18 Dec 2015 10:27:07 +0000

Changed in linux-lts-wily (Ubuntu):
status: New → Fix Released
status: New → Fix Released
no longer affects: lxd (Ubuntu)
Steve Beattie (sbeattie) wrote :

Mitre assigned CVE-2015-8709 for this issue.

Andy Whitcroft (apw) on 2016-01-05
Changed in linux (Ubuntu Xenial):
status: Incomplete → Fix Committed
summary: - privilege escalation on attach through ptrace
+ CVE-2015-8709
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-armadaxp (Ubuntu):
status: New → Confirmed
Changed in linux-flo (Ubuntu):
status: New → Confirmed
Changed in linux-goldfish (Ubuntu):
status: New → Confirmed
Changed in linux-lts-quantal (Ubuntu):
status: New → Confirmed
Changed in linux-lts-raring (Ubuntu):
status: New → Confirmed
Changed in linux-lts-saucy (Ubuntu):
status: New → Confirmed
Changed in linux-lts-trusty (Ubuntu):
status: New → Confirmed
Changed in linux-mako (Ubuntu):
status: New → Confirmed
Changed in linux-manta (Ubuntu):
status: New → Confirmed
Changed in linux-ti-omap4 (Ubuntu):
status: New → Confirmed
Changed in lxc (Ubuntu):
status: New → Confirmed
tags: added: kernel-cve-tracking-bug
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.3.0-6.17

---------------
linux (4.3.0-6.17) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1532958

  [ Eric Dumazet ]

  * SAUCE: (noup) net: fix IP early demux races
    - LP: #1526946

  [ Guilherme G. Piccoli ]

  * SAUCE: powerpc/eeh: Validate arch in eeh_add_device_early()
    - LP: #1486180

  [ Hui Wang ]

  * [Config] CONFIG_I2C_DESIGNWARE_BAYTRAIL=y, CONFIG_IOSF_MBI=y
    - LP: #1527096

  [ Jann Horn ]

  * ptrace: being capable wrt a process requires mapped uids/gids
    - LP: #1527374

  [ Serge Hallyn ]

  * SAUCE: add a sysctl to disable unprivileged user namespace unsharing

  [ Tim Gardner ]

  * [Config] CONFIG_ZONE_DEVICE=y for amd64
  * [Config] CONFIG_VIRTIO_BLK=y, CONFIG_VIRTIO_NET=y for s390
    - LP: #1532886

  [ Upstream Kernel Changes ]

  * rhashtable: Fix walker list corruption
    - LP: #1526811
  * rhashtable: Kill harmless RCU warning in rhashtable_walk_init
    - LP: #1526811
  * ovl: fix permission checking for setattr
    - LP: #1528904
    - CVE-2015-8660

 -- Tim Gardner <email address hidden> Thu, 17 Dec 2015 05:34:47 -0700

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Steve Beattie (sbeattie) on 2016-02-10
description: updated
no longer affects: linux-lts-trusty (Ubuntu)
Changed in linux-lts-quantal (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Won't Fix
Changed in linux-lts-raring (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Won't Fix
Changed in linux-lts-saucy (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Won't Fix
Steve Beattie (sbeattie) on 2016-05-11
description: updated
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers