** Description changed: - [It is possible to escape from bind mounts] + The prepend_path function in fs/dcache.c in the Linux kernel before + 4.2.4 does not properly handle rename actions inside a bind mount, which + allows local users to bypass an intended container protection mechanism + by renaming a directory, related to a "double-chroot attack." Break-Fix: - cde93be45a8a90d8c264c776fab63487b5038a65 Break-Fix: - 397d425dc26da728396e66d392d5dcb8dac30c37
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441108 Title: CVE-2015-2925 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1441108/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
