- Committer: Martin Pitt
- Date: 2015-05-13 09:27:04 UTC
- Revision ID: martin.pitt@canonical.com-20150513092704-sepax0ipadwxphmk
SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 ..
|
|||||||
com
|
1369.44.1 | 14 years ago | Matt Zimmerman | Initial implementation of Java crash handling jav |
|
||
crash.java |
1369.44.10 | 14 years ago | Matt Zimmerman | whitespace | 220 bytes |
|
|
|
README |
1369.34.24 | 13 years ago | Martin Pitt | Add handler for uncaught Java exceptions. There is | 514 bytes |
|
|