Article ID: 112382, created on Sep 26, 2011, last review on May 9, 2014

Applies to:
  • Virtuozzo containers for Linux 4.0

Release notes

--------------------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.0 kernel provides an update with security and stability fixes.
Issue date:        09-30-2011
Product:           Parallels Virtuozzo Containers 4.0
Keywords:          "bugfixing" "stability" "security"

--------------------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo Containers 4.0
kernel, version 2.6.18-028stab094.3.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Update Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.0 kernel provides a
new kernel based on the Red Hat 5.7 kernel (2.6.18-274.3.1.el5). The updated
kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATE DESCRIPTION

This update contains fixes for the following issues:

* A kernel panic could occur due to a bug in the bridge code. (OVZ# 1933)

* Under certain circumstances, after a failed online migration, the resulting
  Container on the destination node could be left in the running state, with
  no active processes inside. (PCLIN-30097)

* The "netpoll over bridge" feature has been disabled on the server to avoid
  kernel panics that may be caused by a use-after-free bug. (PCLIN-30149)

* A new interface for PMC-Sierra's SRC-based controller family has been
  added to the aacraid driver. (PCLIN-30095)


This update also contains fixes for the following security issues:

* A NULL pointer dereference flaw was found in the Linux kernel's Stream
  Control Transmission Protocol (SCTP) implementation. A remote attacker could
  send a specially-crafted SCTP packet to a target system, resulting in a
  denial of service. (CVE-2011-2482, Important)

* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)
  implementation could allow a local, unprivileged user to cause a denial of
  service. (CVE-2011-2491, Important)

* Buffer overflow flaws in the Linux kernel's netlink-based wireless
  configuration interface implementation could allow a local user, who has the
  CAP_NET_ADMIN capability, to cause a denial of service or escalate their
  privileges on systems that have an active wireless interface.
  (CVE-2011-2517, Important)

* /proc/[PID]/io is world-readable by default. Previously, these files
  could be read without any further restrictions. A local, unprivileged user
  could read these files, which belong to other, possibly privileged
  processes, to gather confidential information, such as the length of a
  password used in a process. (CVE-2011-2495, Low)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.0 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-2.6.18-028stab094.3.i686.rpm \
vzmodules-2.6.18-028stab094.3.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.
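
A post-reboot check for step III, as an added example that is not part of the
Parallels release notes: it compares the "uname -r" string with the fixed build
2.6.18-028stab094.3. The function names are hypothetical, and it assumes that
flavour kernels report the same release string with a trailing suffix.

```shell
#!/bin/sh
# Added example: confirm the running kernel is at or above the fixed build.
FIXED_RELEASE="2.6.18-028stab094.3"   # kernel version named in this release note

# Print "<base>-<branch> <build> <minor>" for a vzkernel release string, with
# leading zeros stripped from the numbers; print nothing for other kernels.
# A trailing flavour suffix (assumed form, e.g. "-ent") is ignored.
vz_parse_release() {
    printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9.]*\)-\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1-\2 \3 \4/p'
}

# Return 0 if release $1 >= fixed release $2 (default FIXED_RELEASE),
# 1 if it is older, 2 if either string is not comparable.
vz_kernel_is_fixed() {
    running=$(vz_parse_release "$1")
    fixed=$(vz_parse_release "${2:-$FIXED_RELEASE}")
    [ -n "$running" ] && [ -n "$fixed" ] || return 2
    set -- $running $fixed              # -> base build minor base build minor
    [ "$1" = "$4" ] || return 2         # different base kernel or stab branch
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -eq "$5" ] && [ "$3" -ge "$6" ] && return 0
    return 1
}

# Human-readable verdict; always returns 0 so it is safe in any shell session.
vz_report() {
    rc=0
    vz_kernel_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "OK: $1 is at or above $FIXED_RELEASE" ;;
        1) echo "OLD: $1 predates $FIXED_RELEASE; check the boot loader default" ;;
        *) echo "UNKNOWN: $1 is not a comparable vzkernel release" ;;
    esac
}

vz_report "$(uname -r)"
```

An "OLD" verdict after the reboot usually means the boot loader still defaults
to a previously installed kernel, which "rpm -ivh" leaves in place.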

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.18-028stab094.3.i686.rpm
   vzmodules-2.6.18-028stab094.3.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.18-028stab094.3.i686.rpm
   vzmodules-ent-2.6.18-028stab094.3.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.18-028stab094.3.i686.rpm
   vzmodules-PAE-2.6.18-028stab094.3.i686.rpm


x86_64 kernels:

- SMP:
   vzkernel-2.6.18-028stab094.3.x86_64.rpm
   vzmodules-2.6.18-028stab094.3.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

https://rhn.redhat.com/errata/RHSA-2011-1212.html
https://www.redhat.com/security/data/cve/CVE-2011-2482.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2011 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
