Patchwork [Raring,0/5] Fixes for CVE-2013-1959 and CVE-2013-1979

login
register
mail settings
Submitter John Johansen
Date April 30, 2013, 8:59 p.m.
Message ID <1367355545-10432-1-git-send-email-john.johansen@canonical.com>
Download mbox
Permalink /patch/240691/
State New
Headers show

Pull-request

git://kernel.ubuntu.com/jj/ubuntu-raring.git cve-2013-1959

Comments

John Johansen - April 30, 2013, 8:59 p.m.
Please pull or apply the following patches

The following changes since commit c9170f3912a16df992e3e9763ebadf7f845f96f4:

  UBUNTU: Ubuntu-3.8.0-19.29 (2013-04-17 12:01:17 -0600)

are available in the git repository at:

  git://kernel.ubuntu.com/jj/ubuntu-raring.git cve-2013-1959

for you to fetch changes up to f76eda62f61ecc9af2b067ff3568bf03c313b9ef:

  userns: Changing any namespace id mappings should require privileges (CVE-2013-1979) (2013-04-30 10:24:02 -0700)

----------------------------------------------------------------
Andy Lutomirski (2):
      userns: Check uid_map's opener's fsuid, not the current fsuid (CVE-2013-1959)
      userns: Changing any namespace id mappings should require privileges (CVE-2013-1979)

Eric W. Biederman (1):
      userns: Don't let unprivileged users trick privileged users into setting the id_map (CVE-2013-1959)

Linus Torvalds (2):
      Add file_ns_capable() helper function for open-time capability checking (CVE-2013-1959)
      net: fix incorrect credentials passing (CVE-2013-1979)

 include/linux/capability.h |  2 ++
 include/net/scm.h          |  4 ++--
 kernel/capability.c        | 24 ++++++++++++++++++++++++
 kernel/user_namespace.c    | 22 +++++++++++++---------
 4 files changed, 41 insertions(+), 11 deletions(-)
Tim Gardner - April 30, 2013, 9:15 p.m.
Straightforward clean cherry picks.
Brad Figg - April 30, 2013, 9:15 p.m.
On 04/30/2013 01:59 PM, John Johansen wrote:
> Please pull or apply the following patches
>
> The following changes since commit c9170f3912a16df992e3e9763ebadf7f845f96f4:
>
>    UBUNTU: Ubuntu-3.8.0-19.29 (2013-04-17 12:01:17 -0600)
>
> are available in the git repository at:
>
>    git://kernel.ubuntu.com/jj/ubuntu-raring.git cve-2013-1959
>
> for you to fetch changes up to f76eda62f61ecc9af2b067ff3568bf03c313b9ef:
>
>    userns: Changing any namespace id mappings should require privileges (CVE-2013-1979) (2013-04-30 10:24:02 -0700)
>
> ----------------------------------------------------------------
> Andy Lutomirski (2):
>        userns: Check uid_map's opener's fsuid, not the current fsuid (CVE-2013-1959)
>        userns: Changing any namespace id mappings should require privileges (CVE-2013-1979)
>
> Eric W. Biederman (1):
>        userns: Don't let unprivileged users trick privileged users into setting the id_map (CVE-2013-1959)
>
> Linus Torvalds (2):
>        Add file_ns_capable() helper function for open-time capability checking (CVE-2013-1959)
>        net: fix incorrect credentials passing (CVE-2013-1979)
>
>   include/linux/capability.h |  2 ++
>   include/net/scm.h          |  4 ++--
>   kernel/capability.c        | 24 ++++++++++++++++++++++++
>   kernel/user_namespace.c    | 22 +++++++++++++---------
>   4 files changed, 41 insertions(+), 11 deletions(-)
>
>