** Description changed: - [btrfs: non-atomic xattr replace operation] + The Btrfs implementation in the Linux kernel before 3.19 does not ensure + that the visible xattr state is consistent with a requested replacement, + which allows local users to bypass intended ACL settings and gain + privileges via standard filesystem operations (1) during an xattr- + replacement time window, related to a race condition, or (2) after an + xattr-replacement attempt that fails because the data does not fit. Break-Fix: - 5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438501 Title: CVE-2014-9710 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1438501/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
