ALT-PU-2015-1533-1
Package kernel-image-ovz-rhel updated to version 2.6.18-alt13.M51.42 for branch 5.1 in task 145365.
Closed vulnerabilities
Published: 2015-11-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-2925
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
- SUSE-SU-2015:2194
- SUSE-SU-2015:2194
- SUSE-SU-2015:2292
- SUSE-SU-2015:2292
- SUSE-SU-2016:0335
- SUSE-SU-2016:0335
- SUSE-SU-2016:0337
- SUSE-SU-2016:0337
- SUSE-SU-2016:0380
- SUSE-SU-2016:0380
- SUSE-SU-2016:0381
- SUSE-SU-2016:0381
- SUSE-SU-2016:0383
- SUSE-SU-2016:0383
- SUSE-SU-2016:0384
- SUSE-SU-2016:0384
- SUSE-SU-2016:0386
- SUSE-SU-2016:0386
- SUSE-SU-2016:0387
- SUSE-SU-2016:0387
- SUSE-SU-2016:0434
- SUSE-SU-2016:0434
- [containers] 20150403 [PATCH review 17/19] vfs: Test for and handle paths that are unreachable from their mnt_root
- [containers] 20150403 [PATCH review 17/19] vfs: Test for and handle paths that are unreachable from their mnt_root
- [containers] 20150403 [PATCH review 19/19] vfs: Do not allow escaping from bind mounts.
- [containers] 20150403 [PATCH review 19/19] vfs: Do not allow escaping from bind mounts.
- http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78
- http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78
- RHSA-2015:2636
- RHSA-2015:2636
- RHSA-2016:0068
- RHSA-2016:0068
- DSA-3364
- DSA-3364
- DSA-3372
- DSA-3372
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
- [oss-security] 20150404 Re: Linux namespaces: It is possible to escape from bind mounts
- [oss-security] 20150404 Re: Linux namespaces: It is possible to escape from bind mounts
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 73926
- 73926
- USN-2792-1
- USN-2792-1
- USN-2794-1
- USN-2794-1
- USN-2795-1
- USN-2795-1
- USN-2798-1
- USN-2798-1
- USN-2799-1
- USN-2799-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1209367
- https://bugzilla.redhat.com/show_bug.cgi?id=1209367
- https://bugzilla.redhat.com/show_bug.cgi?id=1209373
- https://bugzilla.redhat.com/show_bug.cgi?id=1209373
- https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37
- https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37
- https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65
- https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65