Details
- Type: Bug
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Fix Version/s: OpenVZ-legacy
- Component/s: Containers::Kernel
- Security Level: Public
- Environment:
  Operating System: RHEL/CentOS 6
  Platform: All
- External issue URL:
- External issue ID: 3256

Description
IRC nick TheJH reported in the #openvz IRC channel on June 10th... that CVE-2015-2925 affects the EL6-based OpenVZ kernel with simfs-based containers... and that it is trivial to modify files on the host system (things like /etc/shadow). Red Hat doesn't seem interested in fixing this bug as seen here:
https://access.redhat.com/security/cve/CVE-2015-2925
They say it affects their EL6 and EL7 kernels and that.. "Future kernel updates for Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2 may address this issue."
I'm guessing it is going to take OpenVZ intervention to get this bug fixed in the OpenVZ kernel.
Luckily all of my containers are using ploop-based storage which, so far as we know, are not affected by this bug.