AXSA:2019-3870:02

Release date: 
Thursday, May 9, 2019 - 08:18
Subject: 
kernel-2.6.32-754.12.1.el6
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* sched/sysctl: Check user input value of sysctl_sched_time_avg (BZ#1579128)

* unable to handle kernel NULL pointer dereference at 000000000000005d in tcp_enter_frto 0x102 (BZ#1585892)

* qla2xxx: Mask Off Scope bits for Retry delay timer in the driver (BZ#1588133)

* [PATCH] perf: Fix a race between ring_buffer_detach() and ring_buffer_wakeup() (BZ#1589340)

* RHEL6.10 - kernel: improve spectre mitigation for s390x (BZ#1625381)

* kernel panic due to NULL pointer dereference in __wake_up_common through perf_event_wakeup (BZ#1627672)

* After upgrading from rhel 6.9 to rhel 6.10, files in a cifs share can't be read (BZ#1636484)

* Retpoline impact on vdso gettimeofday performance (BZ#1638552)

* [RHEL 6.10] 32-bit kernel-2.6.32-754.3.5 registers the swap of 4k size only (BZ#1670328)

CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. kernel-2.6.32-754.12.1.el6.src.rpm
md5sum: 62b692f87ebdc0ba1b55e89ce839a3d3
sha256sum: 4ded3b431ae904eee5765561c0753aa6f125b8f93ece4cc62599e7eead7ef598
Size: 130,594 Kb
Copyright© 2007-2015 Asianux. All rights reserved.