** Description changed:

- [Linux user namespaces can bypass group-based restrictions]
+ The Linux kernel through 3.17.4 does not properly restrict dropping of
+ supplemental group memberships in certain namespace scenarios, which
+ allows local users to bypass intended file permissions by leveraging a
+ POSIX ACL containing an entry for the group category that is more
+ restrictive than the entry for the other category, aka a "negative
+ groups" issue, related to kernel/groups.c, kernel/uid16.c, and
+ kernel/user_namespace.c.

https://bugs.launchpad.net/bugs/1395189

Title:
  CVE-2014-8989
