Comment 4 for bug 1917904

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Nice report Mal, thanks.

CVE-2021-32547 (openjdk-lts) -- add_info() arbitary file read
CVE-2021-32548 (openjdk-8) -- add_info() arbitary file read
CVE-2021-32549 (openjdk-13) -- add_info() arbitary file read
CVE-2021-32550 (openjdk-14) -- add_info() arbitary file read
CVE-2021-32551 (openjdk-15) -- add_info() arbitary file read
CVE-2021-32552 (openjdk-16) -- add_info() arbitary file read
CVE-2021-32553 (openjdk-17) -- add_info() arbitary file read
CVE-2021-32554 (xorg) -- attach_3d_info() arbitrary file read
CVE-2021-32555 (xorg-hwe-18.04) -- attach_3d_info() arbitrary file read
CVE-2021-32556 (apport) -- get_modified_conffiles() incorrect changed files
CVE-2021-32557 (apport) -- process_report() arbitrary file write

I'm not sure about the fs.protected_symlinks aspect -- perhaps some apport users need to have this feature disabled for some reason, we shouldn't leave them entirely out in the cold -- but the fact that a simple configuration option that we turn on by default mitigates this entire class of problems is compelling.

Should we raise the fs.protected_symlinks handling on oss-security for wider discussion? Perhaps it's time we just treat that as an expected kernel feature.

Thanks