528932 – sys-kernel/openvz-sources-2.6.32.93.5: Fix access to the host filesystem from inside a container (#PSBM-29594)

Bug 528932 - sys-kernel/openvz-sources-2.6.32.93.5: Fix access to the host filesystem from inside a container (#PSBM-29594)

Summary: sys-kernel/openvz-sources-2.6.32.93.5: Fix access to the host filesystem from...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://openvz.org/Download/kernel/rh...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2014-11-11 16:18 UTC by Tiago Sousa
Modified:	2016-02-24 12:43 UTC (History)
CC List:	3 users (show)

See Also:	524182 520228 CVE-2014-5045 516900
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tiago Sousa 2014-11-11 16:18:16 UTC

From http://kb.sp.parallels.com/en/123301:

«A vulnerability in the RHEL6-based kernel discovered during internal security audit could allow access to the host filesystem from inside a Container. Only the kernels from 2.6.32-042stab057.1 to 2.6.32-042stab093.5 are affected. Kernel update is highly recommended. (#PSBM-29594)»

The problem is fixed in 042stab094.7: https://openvz.org/Download/kernel/rhel6/042stab094.7

This is a critical vulnerability, please update ebuilds ASAP.

Reproducible: Always

Comment 1 Tiago Sousa 2015-01-02 22:06:24 UTC

The ebuild has been bumped to openvz-sources-2.6.32.94.7, so I guess this can be closed. I'm not doing it because of the notice which claims the Security Team will take care of that. Thanks!

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2016-02-20 04:21:00 UTC

This bug is old.  No vulnerable versions in tree.