** Changed in: linux-snapdragon (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Wily)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Trusty)
Importance: Undecided => Medium
** Description changed:
- chown removes security.capability xattr on other users' files
+ The VFS subsystem in the Linux kernel 3.x provides an incomplete set of
+ requirements for setattr operations that underspecifies removing
+ extended privilege attributes, which allows local users to cause a
+ denial of service (capability stripping) via a failed invocation of a
+ system call, as demonstrated by using chown to remove a capability from
+ the ping or Wireshark dumpcap program.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1415636
Title:
CVE-2015-1350
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1415636/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
