MidnightBSD

Advisories for criu

CVE-2015-5228 HIGH

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
criu checkpoint/restore_in_userspace -
opensuse opensuse 13.2
CVE-2015-5231 LOW

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
criu checkpoint/restore_in_userspace -
opensuse opensuse 13.2