Article ID: 111157, created on Apr 19, 2011, last review on Apr 17, 2012

  • Applies to:
  • Virtuozzo containers for Linux 4.0

Release notes

-------------------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.0 kernel provides an
                   update with security and stability fixes and performance
                   improvements
Issue date:        2011-04-19
Product:           Parallels Virtuozzo Containers 4.0
Keywords:          'bugfixing' 'stability' 'security' 'performance'
 
--------------------------------------------------------------------------------
 
This document provides information on the new Parallels Virtuozzo Containers 4.0
kernel, version 2.6.18-028stab089.1
 
--------------------------------------------------------------------------------
TABLE OF CONTENTS
 
1. About This Release
2. Update Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References
 
--------------------------------------------------------------------------------
 
1. ABOUT THIS RELEASE
 
The current update for the Parallels Virtuozzo Containers 4.0 kernel provides a
new kernel based on the new Red Hat 5.6 kernel (2.6.18--238.9.1.el5). The updated
kernel includes a set of performance improvements and a number of security and
stability fixes.
 
--------------------------------------------------------------------------------
 
2. UPDATES DESCRIPTION
 
This update contains fixes for the following issues:
 
* Kernel crash when migrating from vz3.0 (PSBM-7806)
 
* It's impossible to change ipv6 devconf in containers (PSBM-7464)
 
* CPU stats counters could go wrong
 
This update also contains fixes for the following issues:
 
* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)
 
* A NULL pointer dereference flaw was found in the Generic Receive Offload
(GRO) functionality in the Linux kernel's networking implementation. If
both GRO and promiscuous mode were enabled on an interface in a virtual LAN
(VLAN), it could result in a denial of service when a malformed VLAN frame
is received on that interface. (CVE-2011-1478, Moderate)
 
* A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
 
The new kernel also improves the performance of operations with files.
 
--------------------------------------------------------------------------------
 
3. OBTAINING NEW KERNEL
 
You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.0 distribution set.
 
--------------------------------------------------------------------------------
 
4. INSTALLING NEW KERNEL
 
To install the update, do the following:
 
I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.
 
# rpm -ivh vzkernel-2.6.18-028stab089.1.i686.rpm \
vzmodules-2.6.18-028stab089.1.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]
 
    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.
 
II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the 'lilo' command to write the changes to the boot sector:
 
     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up
 
III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.
 
--------------------------------------------------------------------------------
 
5. REQUIRED RPMS
 
Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:
 
x86 kernels:
 
- SMP:
   vzkernel-2.6.18-028stab089.1.i686.rpm
   vzmodules-2.6.18-028stab089.1.i686.rpm
 
- Enterprise:
   vzkernel-ent-2.6.18-028stab089.1.i686.rpm
   vzmodules-ent-2.6.18-028stab089.1.i686.rpm
 
- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.18-028stab089.1.i686.rpm
   vzmodules-PAE-2.6.18-028stab089.1.i686.rpm
 
 
x86_64 kernels:
 
- SMP:
   vzkernel-2.6.18-028stab089.1.x86_64.rpm
   vzmodules-2.6.18-028stab089.1.x86_64.rpm
 
--------------------------------------------------------------------------------
 
6. REFERENCES
 
https://rhn.redhat.com/errata/RHSA-2011-0429.html
https://www.redhat.com/security/data/cve/CVE-2010-4346.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://www.redhat.com/security/data/cve/CVE-2011-0710.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1090.html
https://www.redhat.com/security/data/cve/CVE-2011-1478.html
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2011 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
 

35c16f1fded8e42577cb3df16429c57a d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF