
Bug 528932

Summary: sys-kernel/openvz-sources-2.6.32.93.5: Fix access to the host filesystem from inside a container (#PSBM-29594)
Product: Gentoo Security Reporter: Tiago Sousa <tiagosousa>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE    
Severity: normal CC: andreis.vinogradovs, proxy-maint, pva
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://openvz.org/Download/kernel/rhel6/042stab094.7
See Also: https://bugs.gentoo.org/show_bug.cgi?id=524182
https://bugs.gentoo.org/show_bug.cgi?id=520228
https://bugs.gentoo.org/show_bug.cgi?id=518108
https://bugs.gentoo.org/show_bug.cgi?id=516900
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description Tiago Sousa 2014-11-11 16:18:16 UTC
From http://kb.sp.parallels.com/en/123301:

«A vulnerability in the RHEL6-based kernel discovered during internal security audit could allow access to the host filesystem from inside a Container. Only the kernels from 2.6.32-042stab057.1 to 2.6.32-042stab093.5 are affected. Kernel update is highly recommended. (#PSBM-29594)»

The problem is fixed in 042stab094.7: https://openvz.org/Download/kernel/rhel6/042stab094.7

This is a critical vulnerability, please update ebuilds ASAP.

Reproducible: Always
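
A check for the affected range quoted in the description above, added here as an example and not part of the original report or of any Gentoo or OpenVZ tooling. The mapping from Gentoo package versions (such as `openvz-sources-2.6.32.93.5`) to `042stab` builds is an assumption inferred from the version pairs on this page; the function names are hypothetical.

```python
import re

# Inclusive range from the advisory text quoted on this page.
FIRST_AFFECTED = (57, 1)   # 2.6.32-042stab057.1
LAST_AFFECTED = (93, 5)    # 2.6.32-042stab093.5

# Upstream kernel release strings, e.g. "2.6.32-042stab093.5".
_UPSTREAM = re.compile(r"^2\.6\.32-042stab(\d{3})\.(\d+)")
# Gentoo package versions, e.g. "openvz-sources-2.6.32.93.5".
# Assumption: the last two fields are the stab build and its minor number,
# as the 94.7 <-> 042stab094.7 pairing on this page suggests.
_GENTOO = re.compile(
    r"^(?:sys-kernel/)?openvz-sources-2\.6\.32\.(\d+)\.(\d+)(?:-r\d+)?$"
)


def parse_build(version):
    """Return (stab, minor) for an OpenVZ RHEL6 kernel, or None if unrecognised."""
    version = version.strip()
    for pattern in (_UPSTREAM, _GENTOO):
        match = pattern.match(version)
        if match:
            return int(match.group(1)), int(match.group(2))
    return None


def is_affected(version):
    """True or False for recognised versions; None for anything else, so that
    an unknown kernel string is never silently reported as safe."""
    build = parse_build(version)
    if build is None:
        return None
    return FIRST_AFFECTED <= build <= LAST_AFFECTED


if __name__ == "__main__":
    import platform

    # Running kernel first, then constructed sample strings.
    samples = [
        platform.release(),
        "2.6.32-042stab057.1",
        "2.6.32-042stab093.5",
        "2.6.32-042stab094.7",
        "sys-kernel/openvz-sources-2.6.32.93.5",
    ]
    labels = {True: "AFFECTED", False: "not affected", None: "not recognised"}
    for sample in samples:
        print(f"{sample}: {labels[is_affected(sample)]}")
```
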
Comment 1 Tiago Sousa 2015-01-02 22:06:24 UTC
The ebuild has been bumped to openvz-sources-2.6.32.94.7, so I guess this can be closed. I'm not doing it because of the notice which claims the Security Team will take care of that. Thanks!
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-02-20 04:21:00 UTC
This bug is old.  No vulnerable versions in tree.