[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add details on hardlinks vulnerability, incl #889098
Antoine Beaupré
anarcat at debian.org
Fri Feb 2 15:39:26 UTC 2018
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b91a2de9 by Antoine Beaupré at 2018-02-02T10:39:05-05:00
add details on hardlinks vulnerability, incl #889098
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -533,7 +533,8 @@ CVE-2017-18078 (systemd-tmpfiles in systemd before 237 attempts to support ...)
- systemd 237-1 (unimportant)
NOTE: https://github.com/systemd/systemd/issues/7736
NOTE: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada (v237)
- NOTE: Neutralised by kernel hardening
+ NOTE: Neutralised by kernel hardening shipped with Debian, but not upstream Linux
+ NOTE: workaround: sysctl fs.protected_hardlinks=1, see also #889098
CVE-2018-6362
RESERVED
CVE-2018-6361
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b91a2de936781f796d7bc6882d8383fa2459b72b
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b91a2de936781f796d7bc6882d8383fa2459b72b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180202/06cf1620/attachment.html>
More information about the Secure-testing-commits
mailing list