** Changed in: linux-lts-quantal (Ubuntu Precise) Status: New => Fix Committed
** Changed in: linux (Ubuntu Utopic) Status: New => Fix Committed ** Changed in: linux-lts-raring (Ubuntu Precise) Status: New => Fix Committed ** Description changed: - The internal function inode_capable was used inappropriately. Depending - on configuration, this may be usable to escalate privileges. A cursory - inspection of my Fedora box suggests that it is not vulnerable to the - obvious way to exploit this bug. + The capabilities implementation in the Linux kernel before 3.14.8 does + not properly consider that namespaces are inapplicable to inodes, which + allows local users to bypass intended chmod restrictions by first + creating a user namespace, as demonstrated by setting the setgid bit on + a file with group ownership of root. Break-Fix: - 23adbe12ef7d3d4195e80800ab36b37bee28cd03 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1329103 Title: CVE-2014-4014 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1329103/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs