Rebel

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.12 **Description** The issue exists due to insufficient checking of a resource's state when it can be shared, allowing a local attacker to potentially gain privileges or cause a denial of service (use-after-free) by exploiting the CAP NET RAW capability to change a socket version. This is related to the `packet set ring` and `packet setsockopt` functions. **Recommendations** For Linux kernel versions prior to 4.8.12, update to version 4.8.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP NET RAW capability to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 Linux kernel (affected versions not specified) **Description** The issue allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. This is due to the ovl setattr function in fs/overlayfs/inode.c attempting to merge distinct setattr operations. **Recommendations** For versions prior to 4.3.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability in other affected versions.

**Name of the Vulnerable Software and Affected Versions** ABRT versions prior to 2.7.1 **Description** The issue allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name. This can be demonstrated by files such as /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. **Recommendations** For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11 **Description** The issue is related to insufficient access controls in the remote cmds component, specifically affecting the rsh functionality. It allows a local attacker to exploit environment variables and gain root privileges. **Recommendations** For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the rsh functionality in the remote cmds component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.17.2-0ubuntu1.1 Apport versions prior to 2.14.70ubuntu8.5 Apport versions prior to 2.14.1-0ubuntu3.11 Apport versions prior to 2.0.1-0ubuntu17.9 **Description** A race condition issue allows local users to write to arbitrary files and gain root privileges. **Recommendations** For Apport version prior to 2.17.2-0ubuntu1.1, update to version 2.17.2-0ubuntu1.1 or later. For Apport version prior to 2.14.70ubuntu8.5, update to version 2.14.70ubuntu8.5 or later. For Apport version prior to 2.14.1-0ubuntu3.11, update to version 2.14.1-0ubuntu3.11 or later. For Apport version prior to 2.0.1-0ubuntu17.9, update to version 2.0.1-0ubuntu17.9 or later.

**Name of the Vulnerable Software and Affected Versions** linux (aka Linux kernel) versions prior to 3.19.0-21.21 in Ubuntu through 15.04 **Description** The issue is related to the overlayfs implementation, which does not properly check permissions for file creation in the upper filesystem directory. This allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. **Recommendations** For versions prior to 3.19.0-21.21 in Ubuntu through 15.04, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.13.2 **Description** The issue allows local users to gain privileges via a recvmmsg system call with a crafted `timeout` pointer parameter. This is related to the `compat sys recvmmsg` function in `net/compat.c` when `CONFIG X86 X32` is enabled. **Recommendations** For Linux kernel versions prior to 3.13.2, update to version 3.13.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `recvmmsg` system call to minimize the risk of exploitation.