| 2016-06-23 00:03:14 |
Steve Beattie |
bug |
|
|
added bug |
| 2016-06-23 06:06:12 |
Steve Beattie |
description |
The upstream stable rc git tree (http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.6.y) currently has the following commits for netfilter that address (with unprivileged user namespaces enabled) local privilege escalation. These are the commit references in linus' tree:
f24e230d257af1ad7476c6e81a8dc3127a74204e netfilter: x_tables: don't move to non-existent next rule
36472341017529e2b12573093cc0f68719300997 netfilter: x_tables: validate targets of jumps
7d35812c3214afa5b37a675113555259cfd67b98 netfilter: x_tables: add and use xt_check_entry_offsets
aa412ba225dd3bc36d404c28cdc3d674850d80d0 netfilter: x_tables: kill check_entry helper
a08e4e190b866579896c09af59b3bdca821da2cd netfilter: x_tables: assert minimum target size
fc1221b3a163d1386d1052184202d5dc50d302d1 netfilter: x_tables: add compat version of xt_check_entry_offsets
7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44 netfilter: x_tables: check standard target size too
ce683e5f9d045e5d67d1312a42b359cb2ab2a13c netfilter: x_tables: check for bogus target offset
13631bfc604161a9d69cd68991dff8603edd66f9 netfilter: x_tables: validate all offsets and sizes in a rule
7b7eba0f3515fca3296b8881d583f7c1042f5226 netfilter: x_tables: don't reject valid target size on some architectures
CRD: Public |
The upstream stable rc git tree (http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.6.y) currently has the following commits for netfilter that address (with unprivileged user namespaces enabled) local privilege escalation. These are the commit references in linus' tree:
f24e230d257af1ad7476c6e81a8dc3127a74204e
netfilter: x_tables: don't move to non-existent next rule
36472341017529e2b12573093cc0f68719300997
netfilter: x_tables: validate targets of jumps
7d35812c3214afa5b37a675113555259cfd67b98
netfilter: x_tables: add and use xt_check_entry_offsets
aa412ba225dd3bc36d404c28cdc3d674850d80d0
netfilter: x_tables: kill check_entry helper
a08e4e190b866579896c09af59b3bdca821da2cd
netfilter: x_tables: assert minimum target size
fc1221b3a163d1386d1052184202d5dc50d302d1
netfilter: x_tables: add compat version of xt_check_entry_offsets
7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44
netfilter: x_tables: check standard target size too
ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
netfilter: x_tables: check for bogus target offset
13631bfc604161a9d69cd68991dff8603edd66f9
netfilter: x_tables: validate all offsets and sizes in a rule
7b7eba0f3515fca3296b8881d583f7c1042f5226
netfilter: x_tables: don't reject valid target size on some architectures
8dddd32756f6fe8e4e82a63361119b7e2384e02f
netfilter: arp_tables: simplify translate_compat_table args
7d3f843eed29222254c9feab481f55175a1afcc9
netfilter: ip_tables: simplify translate_compat_table args
329a0807124f12fe1c8032f95d8a8eb47047fb0e
netfilter: ip6_tables: simplify translate_compat_table args
0188346f21e6546498c2a0f84888797ad4063fc5
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
09d9686047dbbe1cf4faa558d3ecc4aae2046054
netfilter: x_tables: do compat validation via translate_table
d7591f0c41ce3e67600a982bab6989ef0f07b3ce
netfilter: x_tables: introduce and use xt_copy_counters_from_user
CRD: Public |
|
| 2016-06-23 06:08:34 |
Steve Beattie |
description |
The upstream stable rc git tree (http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.6.y) currently has the following commits for netfilter that address (with unprivileged user namespaces enabled) local privilege escalation. These are the commit references in linus' tree:
f24e230d257af1ad7476c6e81a8dc3127a74204e
netfilter: x_tables: don't move to non-existent next rule
36472341017529e2b12573093cc0f68719300997
netfilter: x_tables: validate targets of jumps
7d35812c3214afa5b37a675113555259cfd67b98
netfilter: x_tables: add and use xt_check_entry_offsets
aa412ba225dd3bc36d404c28cdc3d674850d80d0
netfilter: x_tables: kill check_entry helper
a08e4e190b866579896c09af59b3bdca821da2cd
netfilter: x_tables: assert minimum target size
fc1221b3a163d1386d1052184202d5dc50d302d1
netfilter: x_tables: add compat version of xt_check_entry_offsets
7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44
netfilter: x_tables: check standard target size too
ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
netfilter: x_tables: check for bogus target offset
13631bfc604161a9d69cd68991dff8603edd66f9
netfilter: x_tables: validate all offsets and sizes in a rule
7b7eba0f3515fca3296b8881d583f7c1042f5226
netfilter: x_tables: don't reject valid target size on some architectures
8dddd32756f6fe8e4e82a63361119b7e2384e02f
netfilter: arp_tables: simplify translate_compat_table args
7d3f843eed29222254c9feab481f55175a1afcc9
netfilter: ip_tables: simplify translate_compat_table args
329a0807124f12fe1c8032f95d8a8eb47047fb0e
netfilter: ip6_tables: simplify translate_compat_table args
0188346f21e6546498c2a0f84888797ad4063fc5
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
09d9686047dbbe1cf4faa558d3ecc4aae2046054
netfilter: x_tables: do compat validation via translate_table
d7591f0c41ce3e67600a982bab6989ef0f07b3ce
netfilter: x_tables: introduce and use xt_copy_counters_from_user
CRD: Public |
The upstream stable rc git tree (http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.6.y) currently has the following commits for netfilter that address (with unprivileged user namespaces enabled) local privilege escalation. These are the commit references in linus' tree:
f24e230d257af1ad7476c6e81a8dc3127a74204e
netfilter: x_tables: don't move to non-existent next rule
36472341017529e2b12573093cc0f68719300997
netfilter: x_tables: validate targets of jumps
7d35812c3214afa5b37a675113555259cfd67b98
netfilter: x_tables: add and use xt_check_entry_offsets
aa412ba225dd3bc36d404c28cdc3d674850d80d0
netfilter: x_tables: kill check_entry helper
a08e4e190b866579896c09af59b3bdca821da2cd
netfilter: x_tables: assert minimum target size
fc1221b3a163d1386d1052184202d5dc50d302d1
netfilter: x_tables: add compat version of xt_check_entry_offsets
7ed2abddd20cf8f6bd27f65bd218f26fa5bf7f44
netfilter: x_tables: check standard target size too
ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
netfilter: x_tables: check for bogus target offset
13631bfc604161a9d69cd68991dff8603edd66f9
netfilter: x_tables: validate all offsets and sizes in a rule
7b7eba0f3515fca3296b8881d583f7c1042f5226
netfilter: x_tables: don't reject valid target size on some architectures
8dddd32756f6fe8e4e82a63361119b7e2384e02f
netfilter: arp_tables: simplify translate_compat_table args
7d3f843eed29222254c9feab481f55175a1afcc9
netfilter: ip_tables: simplify translate_compat_table args
329a0807124f12fe1c8032f95d8a8eb47047fb0e
netfilter: ip6_tables: simplify translate_compat_table args
0188346f21e6546498c2a0f84888797ad4063fc5
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
09d9686047dbbe1cf4faa558d3ecc4aae2046054
netfilter: x_tables: do compat validation via translate_table
d7591f0c41ce3e67600a982bab6989ef0f07b3ce
netfilter: x_tables: introduce and use xt_copy_counters_from_user
They have also been backported to the 4.4 (http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-4.4.y) and 3.14 (http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/log/?h=linux-3.14.y) stable trees, with 3 additional prerequisite backported commits:
bdf533de6968e9686df777dc178486f600c6e617
netfilter: x_tables: validate e->target_offset early
6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
netfilter: x_tables: make sure e->next_offset covers remaining blob size
54d83fc74aa9ec72794373cb47432c5f7fb1a309
netfilter: x_tables: fix unconditional helper
CRD: Public |
|
| 2016-06-23 06:08:50 |
Steve Beattie |
information type |
Private Security |
Public Security |
|
| 2016-06-23 06:30:13 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2016-06-23 06:49:09 |
Steve Beattie |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2016-06-27 14:00:42 |
Kamal Mostafa |
tags |
|
verification-needed-trusty |
|
| 2016-06-27 14:00:57 |
Kamal Mostafa |
tags |
verification-needed-trusty |
verification-needed-trusty verification-needed-vivid |
|
| 2016-06-27 14:01:11 |
Kamal Mostafa |
tags |
verification-needed-trusty verification-needed-vivid |
verification-needed-trusty verification-needed-vivid verification-needed-wily |
|
| 2016-06-27 14:01:40 |
Kamal Mostafa |
tags |
verification-needed-trusty verification-needed-vivid verification-needed-wily |
verification-needed-trusty verification-needed-vivid verification-needed-wily verification-needed-xenial |
|
| 2016-06-27 17:40:51 |
Launchpad Janitor |
linux (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2016-06-27 17:40:51 |
Launchpad Janitor |
cve linked |
|
2016-4482 |
|
| 2016-06-27 17:40:51 |
Launchpad Janitor |
cve linked |
|
2016-4569 |
|
| 2016-06-27 17:40:51 |
Launchpad Janitor |
cve linked |
|
2016-4578 |
|
| 2016-06-27 17:40:51 |
Launchpad Janitor |
cve linked |
|
2016-4951 |
|
| 2016-08-12 17:18:56 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-security/linux-lts-wily |
|
| 2016-08-12 17:19:49 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-updates/linux-lts-wily |
|
| 2016-08-12 18:29:28 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-security/linux-lts-vivid |
|
| 2016-08-12 18:30:37 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/linux-lts-vivid |
|
| 2016-08-12 18:31:41 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-updates/linux-lts-vivid |
|
