| Revision Date: | 2016-11-27 | Version: | 1 | | Title: | CVE-2015-1328 on Ubuntu 16.04 LTS (xenial) - high. | | Description: | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2015-1328
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT linux-image-4.4.0-150-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-generic-lpae package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-powerpc-e500mc package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-powerpc-smp package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-powerpc64-emb package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-powerpc64-smp package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-unsigned-4.4.0-150-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-unsigned-4.4.0-150-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-1084-aws package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-3.4.0-5-flo package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-1034-gke package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-4.4.0-1034-gke package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-3.4.0-4-goldfish package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.15.0-51-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.15.0-51-generic-lpae package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.15.0-51-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-unsigned-4.15.0-51-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-unsigned-4.15.0-51-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-3.4.0-7-mako package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-virtual package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-virtual-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-virtual-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-virtual-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-virtual-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lpae package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lpae-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lpae-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lpae-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lpae-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-hwe-generic-trusty package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-hwe-virtual-trusty package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-lowlatency-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-lowlatency-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-lowlatency-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-lowlatency-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-e500mc package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-e500mc-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-e500mc-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-e500mc-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-e500mc-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-smp package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-smp-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-smp-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-smp-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc-smp-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-emb package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-emb-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-emb-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-emb-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-emb-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-smp package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-smp-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-smp-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-smp-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-powerpc64-smp-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-virtual package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-virtual-lts-utopic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-virtual-lts-vivid package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-virtual-lts-wily package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-virtual-lts-xenial package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-aws package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-extra-virtual-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-generic-lpae-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-lowlatency-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-oem package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-virtual-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-raspi2 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-snapdragon package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-1110-raspi2 package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-150-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.15.0-51-generic package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.15.0-51-lowlatency package in xenial, while related to the CVE in some way, is not affected.
OR NOT linux-image-4.4.0-1114-snapdragon package in xenial, while related to the CVE in some way, is not affected.
|
|