Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-4849

Publication date 12 September 2007

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux-source-2.6.15 6.06 LTS dapper
Not affected
linux-source-2.6.17 6.10 edgy
Fixed 2.6.17.1-12.42
linux-source-2.6.20 7.04 feisty
Fixed 2.6.20-16.33
linux-source-2.6.22 7.10 gutsy
Fixed 2.6.22-14.47

Notes

jdstrand

fix in DSA 1378-1 and 1378-2

References

Related Ubuntu Security Notices (USN)

    • USN-574-1
    • Linux kernel vulnerabilities
    • 4 February 2008
    • USN-558-1
    • Linux kernel vulnerabilities
    • 19 December 2007

Other references