Important kernel security update: New kernel 2.6.32-042stab137.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

2019-04-30T00:00:00
ID VZA-2019-032
Type virtuozzo
Reporter Virtuozzo
Modified 2019-04-30T00:00:00

Description

This update provides a new kernel 2.6.32-042stab137.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.12.1.el6. The new kernel introduces security and stability fixes.

Vulnerability id: CVE-2018-13405

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files with an unintended group ownership and with the group execution and SGID permission bits set, in a scenario where a directory is SGID, belongs to a certain group, and is writable by a user who is not a member of this group. This can result in excessive permissions being granted where they should not be.
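To find where a host is exposed to the scenario described above, the following added example (not part of the Virtuozzo advisory) walks a directory tree and reports SGID directories writable by users outside the owning group, plus regular files carrying SGID and group-execute bits whose owner is not a member of the file's group. The function names are hypothetical, and the check assumes write access comes from the "other" mode bit only; ACLs are not examined.

```python
import grp
import os
import pwd
import stat
import sys

SGID_GX = stat.S_ISGID | stat.S_IXGRP  # the bit pair named in the advisory

def owner_in_group(uid, gid):
    """True if gid is the primary or a supplementary group of uid."""
    try:
        user = pwd.getpwuid(uid)
    except KeyError:
        return False  # unknown uid: treat as non-member so the file is flagged
    if user.pw_gid == gid:
        return True
    try:
        return user.pw_name in grp.getgrgid(gid).gr_mem
    except KeyError:
        return False

def exposed_dir(mode):
    """SGID directory that users outside the owning group can write to."""
    return stat.S_ISDIR(mode) and bool(mode & stat.S_ISGID) and bool(mode & stat.S_IWOTH)

def suspicious_file(mode, member):
    """Regular file with SGID and group-execute set, owned by a non-member."""
    return stat.S_ISREG(mode) and (mode & SGID_GX) == SGID_GX and not member

def audit(root):
    """Walk root without following symlinks; return (kind, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if exposed_dir(st.st_mode):
                findings.append(("sgid-dir-writable-by-others", path))
            elif suspicious_file(st.st_mode, owner_in_group(st.st_uid, st.st_gid)):
                findings.append(("sgid-exec-file-non-member-owner", path))
    return findings

if __name__ == "__main__":
    for kind, path in audit(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(kind, path)
```

Directories reported here are worth tightening regardless of kernel version; files reported under them should be reviewed for how they were created.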