CVE-2015-5231

Priority
Description
The service daemon in CRIU does not properly restrict access to
non-dumpable processes, which allows local users to obtain sensitive
information via (1) process dumps or (2) ptrace access.
Package
Source: criu (LP Ubuntu Debian)
Upstream:released (1.8-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.6-1ubuntu1~ubuntu16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.6-1ubuntu1~ubuntu16.04.2)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.6-1ubuntu1~ubuntu16.04.2)
Ubuntu 19.04 (Disco Dingo):not-affected (2.6-1ubuntu1~ubuntu16.04.2)
More Information

Updated: 2019-01-14 22:18:12 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)