Summary: | kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | arthur |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2018/q3/35 | ||
Whiteboard: | A1 [noglsa cve] | ||
Package list: |
sys-kernel/gentoo-sources-4.14.61
sys-kernel/gentoo-sources-4.9.118
sys-kernel/gentoo-sources-4.4.146
|
Runtime testing required: | --- |
Bug Depends on: | 663744 | ||
Bug Blocks: | 663014 |
Description
GLSAMaker/CVETool Bot
2018-08-07 11:35:58 UTC
Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 Fixes available in: 4.17: >=sys-kernel/gentoo-sources-4.17.7 4.14: >=sys-kernel/gentoo-sources-4.14.56 4.9: >=sys-kernel/gentoo-sources-4.9.113 4.4: >=sys-kernel/gentoo-sources-4.4.141 x86 stable amd64 stable Superseded by bug 663744, moving. |