CVE-2015-5228

NameCVE-2015-5228
DescriptionThe service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs797111

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
criu (PTS)bookworm3.17.1-2fixed
sid, trixie3.17.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
criusource(unstable)1.8-2797111

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1255782

Search for package or bug name: Reporting problems