[manjaro-security] [MSA-201610-1] linuxXXX & linuxXX: privilege escalation
Philip Müller
philm at manjaro.org
Mon Oct 24 21:34:04 CEST 2016
Manjaro Linux Security Advisory MSA-201610-1
=============================================
Severity: High
Date : 2016-10-23
CVE-ID : CVE-2016-5195
Packages: linux310, linux312, linux314, linux316, linux318,
linux41, linux42, linux44, linux46, linux47,
linux48, linux49, linux-rt-manjaro, linux-rt-lts-manjaro
Type : privilege escalation
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
All linux packages older than the following versions are vulnerable
to privilege escalation:
- Linux310 3.10.104-1
- Linux312 3.12.66-1
- Linux316 3.16.38-1
- Linux318 3.18.43-1
- Linux41 4.1.34-1
- Linux44 4.4.27-1
- Linux47 4.7.10-1
- Linux48 4.8.4-1
- Linux49 4.9rc2-0
- Linux-RT-LTS 4.4.27_rt35-1
- Linux-RT 4.8.4_rt2-1
Resolution
==========
Upgrade to 4.8.3-1.
# pacman -Syu $(mhwd-kernel -li | grep '*' | cut -d'*' -f2)
The problem has been fixed upstream in the versions listed above.
Workaround
==========
None.
Description
===========
A race condition was found in the way the Linux kernel's memory
subsystem handled the copy-on-write (COW) breakage of private read-only
memory mappings. An unprivileged local user could use this flaw to gain
write access to otherwise read-only memory mappings and thus increase
their privileges on the system.
Impact
======
An unprivileged local attacker is able to elevate their privileges on
the system and gain root access.
References
==========
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
https://access.redhat.com/security/cve/CVE-2016-5195
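
Added example (not part of the original advisory): a POSIX shell check that compares installed kernel packages, in `pacman -Q` format, against the fixed versions in the Summary. The function names, the sample input and the mapping of "Linux-RT" / "Linux-RT-LTS" onto the `linux-rt-manjaro` / `linux-rt-lts-manjaro` package names are assumptions.

```shell
# Added example, not part of the advisory. Names are from its Packages field,
# fixed versions from its Summary (linux314, linux42, linux46 have no entry).
PACKAGES="linux310 linux312 linux314 linux316 linux318 linux41 linux42 linux44 \
linux46 linux47 linux48 linux49 linux-rt-manjaro linux-rt-lts-manjaro"
# Assumption: Summary's Linux-RT-LTS / Linux-RT are the linux-rt-*-manjaro packages.
FIXED='linux310 3.10.104-1
linux312 3.12.66-1
linux316 3.16.38-1
linux318 3.18.43-1
linux41 4.1.34-1
linux44 4.4.27-1
linux47 4.7.10-1
linux48 4.8.4-1
linux49 4.9rc2-0
linux-rt-lts-manjaro 4.4.27_rt35-1
linux-rt-manjaro 4.8.4_rt2-1'

# ver_lt A B: true when A is older than B (pacman's vercmp, else GNU sort -V).
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] && [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# kernel_status PKG VERSION: prints vulnerable, fixed, or unlisted (no Summary entry).
kernel_status() {
    fixed=$(printf '%s\n' "$FIXED" | awk -v p="$1" '$1 == p { print $2 }')
    if [ -z "$fixed" ]; then echo unlisted
    elif ver_lt "$2" "$fixed"; then echo vulnerable
    else echo fixed
    fi
}

# scan: reads "name version" lines and reports only the advisory's kernel packages.
scan() {
    while read -r pkg ver; do
        case " $PACKAGES " in
            *" $pkg "*) echo "$pkg $ver $(kernel_status "$pkg" "$ver")" ;;
        esac
    done
}

# Constructed sample in `pacman -Q` format, used when pacman is not installed.
SAMPLE='linux310 3.10.99-1
linux44-headers 4.4.26-1
linux46 4.6.7-1'
if command -v pacman >/dev/null 2>&1; then pacman -Q | scan; else printf '%s\n' "$SAMPLE" | scan; fi
```

A fixed package version only takes effect once the machine has rebooted into that kernel, so compare `uname -r` against the same table after upgrading.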