Important kernel security update: New kernel 2.6.32-042stab137.1; Virtuozzo 6.0 Update 12 Hotfix 39 (6.0.12-3738)¶
Issue date: 2019-04-30
Applies to: Virtuozzo 6.0
Virtuozzo Advisory ID: VZA-2019-033
This update provides a new kernel 2.6.32-042stab137.1 for Virtuozzo 6.0 based on the RHEL 6.10 kernel 2.6.32-754.12.1.el6. The new kernel introduces security and stability fixes.
2. Security Fixes¶
[Important] A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. (CVE-2018-13405)
3. Bug Fixes¶
Minor ploop improvements.
4. Installing the Update¶
Install the update by running ‘yum update’ and rebooting the host.