Article ID: 112696, created on Nov 3, 2011, last review on Apr 25, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7

Release notes

--------------------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.7 kernel provides
                   an update with stability fixes.
Issue date:        2011-11-07
Product:           Parallels Virtuozzo Containers 4.7
Keywords:          'bugfix' 'stability'

--------------------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.7 kernel,
version 2.6.32-042stab039.10.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo Containers 4.7 kernel provides a new
kernel based on the Red Hat 6.1 kernel (2.6.32-131.17.1.el6). The updated
kernel includes a set of important stability and security fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* IO statistics does not account for writeback data. (PCLIN-30109)

* A kernel crash may occur when stopping a Container with FUSE mount points.
 (PCLIN-30153)

* Sometimes, CPU statistics for Containers may be calculated incorrectly.
 (PCLIN-29270)

* A kernel crash may occur when running the NFSd v4 server in Containers.
 (PCLIN-30121)

* After migrating a Container using the online migration type, the Container
  may lose permissions on Unix sockets. (PCLIN-30133)

* Stopping a Container running the NFSd server may cause a kernel crash.
 (PCLIN-30209)

* The disk cache may get corrupted when running a Container on ext4.
 (PCLIN-30223)

* A deadlock may happen in the vzstat module. (PCLIN-30247)

* A kernel panic may occur when the vzwdog module is loaded. (PCLIN-30296)

* Backing up a running Container may cause a deadlock at the stage of scanning
  an inconsistent filesystem. (PCLIN-30292)

This update also includes fixes for the following RHEL issues:

* A race condition flaw was found in the Linux kernel's eCryptfs
implementation. A local attacker could use the mount.ecryptfs_private
utility to mount (and then access) a directory they would otherwise not
have access to. Note: To correct this issue, the RHSA-2011:1241
ecryptfs-utils update, which provides the user-space part of the fix, must
also be installed. (CVE-2011-1833, Moderate)

* A denial of service flaw was found in the way the taskstats subsystem
handled the registration of process exit handlers. A local, unprivileged
user could register an unlimited amount of these handlers, leading to
excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* A flaw was found in the way mapping expansions were handled. A local,
unprivileged user could use this flaw to cause a wrapping condition,
triggering a denial of service. (CVE-2011-2496, Moderate)

* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO
(Generic Receive Offload) fields being left in an inconsistent state. An
attacker on the local network could use this flaw to trigger a denial of
service. GRO is enabled by default in all network drivers that support it.
(CVE-2011-2723, Moderate)

* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in
the Linux kernel. A local, unprivileged user could use these flaws to leak
information to user-space. (CVE-2011-2898, Low)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.7 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-2.6.32-042stab039.10.i686.rpm \
vzmodules-2.6.32-042stab039.10.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the 'lilo' command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.32-042stab039.10.i686.rpm
   vzmodules-2.6.32-042stab039.10.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.32-042stab039.10.i686.rpm
   vzmodules-ent-2.6.32-042stab039.10.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.32-042stab039.10.i686.rpm
   vzmodules-PAE-2.6.32-042stab039.10.i686.rpm


x86_64 kernels:

- SMP:
   vzkernel-2.6.32-042stab039.10.x86_64.rpm
   vzmodules-2.6.32-042stab039.10.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

https://rhn.redhat.com/errata/RHSA-2011-1350.html
https://www.redhat.com/security/data/cve/CVE-2011-1833.html
https://www.redhat.com/security/data/cve/CVE-2011-2484.html
https://www.redhat.com/security/data/cve/CVE-2011-2496.html
https://www.redhat.com/security/data/cve/CVE-2011-2723.html
https://www.redhat.com/security/data/cve/CVE-2011-2898.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2011 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

0c05f0c76fec3dd785e9feafce1099a9 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF