** Description changed: - http://www.openwall.com/lists/oss-security/2015/12/23/5 - - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 - - This allows unprivileged users to change attributes on root-owned files. + The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel + through 4.3.3 attempts to merge distinct setattr operations, which + allows local users to bypass intended access restrictions and modify the + attributes of arbitrary overlay files via a crafted application.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528904 Title: overlay setattr vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1528904/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
