Article ID: 115789, created on Mar 22, 2013, last review on Apr 25, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.6
-----------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.6 kernel provides an update with security fixes.
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          "bugfix" "security"

-----------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.6 kernel, version 2.6.18-028stab101.3.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo Containers 4.6 kernel provides a new
kernel based on the Red Hat Enterprise Linux 5.8 kernel (2.6.18-308.8.2.el5).
The updated kernel includes a number of security fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* A flaw was found in the way file permission checks for the
"/dev/cpu/[x]/msr" files were performed in restricted root environments 
(for example, when using a capability-based security model). A local user 
with the ability to write to these files could use this flaw to escalate 
their privileges to the kernel level, for example, by writing to the 
SYSENTER_EIP_MSR register. (CVE-2013-0268)

* A race condition was found in the way the Linux kernel's ptrace
implementation handled PTRACE_SETREGS requests when the debuggee was woken
by a SIGKILL signal instead of being stopped. A local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2013-0871)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.
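
An installed kernel takes effect only after the node boots into it, so it is
worth checking the running release against the fixed build named above. The
script below is an added example, not Parallels code; the release-string
format it parses and the sample strings other than 2.6.18-028stab101.3 are
assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Compares a kernel release string with the
# fixed build named in this advisory. Assumed release format (hypothetical
# beyond the one string on the page): <base>-<branch>stab<build>[.<minor>]
FIXED_RELEASE="2.6.18-028stab101.3"

# Drop leading zeros so "028" is compared as decimal 28, never as octal.
strip_zeros() { n=${1#"${1%%[!0]*}"}; printf '%s\n' "${n:-0}"; }

# Print "<branch> <build> <minor>"; return 1 if there is no NNNstabNNN part.
vz_parse_release() {
    case "$1" in *[0-9]stab[0-9]*) ;; *) return 1 ;; esac
    head=${1%%stab*}; tail=${1#*stab}
    branch=${head##*[!0-9]}            # digits just before "stab"
    build=${tail%%[!0-9]*}             # digits just after "stab"
    rest=${tail#"$build"}; minor=0     # a missing minor counts as 0
    case "$rest" in .[0-9]*) rest=${rest#.}; minor=${rest%%[!0-9]*} ;; esac
    echo "$(strip_zeros "$branch") $(strip_zeros "$build") $(strip_zeros "$minor")"
}

# Return 0 if release $1 is at or above FIXED_RELEASE, 1 if it is older,
# 2 if it cannot be compared (not a stab kernel, or a different branch).
vz_kernel_is_fixed() {
    cur=$(vz_parse_release "$1") || return 2
    ref=$(vz_parse_release "$FIXED_RELEASE") || return 2
    set -- $cur $ref                   # branch build minor (x2)
    [ "$1" -eq "$4" ] || return 2
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Constructed sample strings; on a hardware node pass "$(uname -r)" instead.
for r in "2.6.18-028stab101.3" "2.6.18-028stab101.1" "2.6.18-308.8.2.el5"; do
    rc=0; vz_kernel_is_fixed "$r" || rc=$?
    case $rc in
        0) echo "$r: at or above $FIXED_RELEASE" ;;
        1) echo "$r: older than $FIXED_RELEASE, update needed" ;;
        *) echo "$r: not comparable with a Virtuozzo stab release" ;;
    esac
done
```

A result of 2 means the string should be reviewed by hand rather than treated
as fixed or vulnerable.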

--------------------------------------------------------------------------------

4. REFERENCES

https://www.redhat.com/security/data/cve/CVE-2013-0268.html
https://www.redhat.com/security/data/cve/CVE-2013-0871.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
