Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.
f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1
AUFS (Ubuntu 15.10) suffers from an allow_userns fuse/xattr user namespaces privilege escalation vulnerability.
20b06274c846785d08a17e0785b09b252e022b89872f6b1806dfba387493b3c6