Article ID: 115901, created on Apr 4, 2013, last review on May 11, 2014

  • Applies to: Virtuozzo containers for Linux 4.6
-----------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.6 kernel
                   provides an update with security and stability
                   fixes.
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          "bugfix" "security"

-----------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.6 kernel, version 2.6.18-028stab106.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo Containers 4.6 kernel provides a new
kernel based on the Red Hat Enterprise Linux 5.9 kernel (2.6.18-348.3.1.el5).
The updated kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* Checkpoint/restore for non-persistent TUN devices was broken in the
2.6.18-028stab093.x kernels. As a result, restoring Containers with an enabled
OpenVPN tunnel would crash the Node. (OVZ 2459)

* A double free error in the names_cachep structure could occur when performing
an Acronis-based backup on a Node with the audit component turned on. Potentially,
this double free error could also lead to a kernel panic. (PCLIN-31451)

* An overflow in the TSC/vDSO version of gettimeofday() was fixed. Because of this
problem, sporadic time jumps with a constant delta of 208.5 days were observed inside
a CentOS 6 Container on a Node with an unstable TSC. (OVZ 2337)

The new kernel also includes a number of security fixes from Red Hat Enterprise
Linux 5 kernels:

* The fix for CVE-2011-1083 (RHSA-2012:0150) introduced a flaw in the way
the Linux kernel's Event Poll (epoll) subsystem handled resource cleanups
when an ELOOP error code was returned. A local, unprivileged user could use
this flaw to cause a denial of service. (CVE-2012-3375, 2.6.18-308.11.1.el5)

* A flaw was found in the way the Linux kernel's dl2k driver, used by
certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local,
unprivileged user could use this flaw to issue potentially harmful IOCTLs,
which could cause Ethernet adapters using the dl2k driver to malfunction
(for example, they could lose network connectivity). (CVE-2012-2313,
2.6.18-308.13.1.el5)

* A flaw was found in the way socket buffers (skb) requiring TSO (TCP
segment offloading) were handled by the sfc driver. If the skb did not fit
within the minimum size of the transmission queue, the network card could
start resetting itself repeatedly. A remote attacker could use this flaw
to cause a denial of service. (CVE-2012-3412, 2.6.18-308.16.1.el5)

* A use-after-free flaw was found in the xacct_add_tsk() function in the
Linux kernel's taskstats subsystem. A local, unprivileged user could use
this flaw to cause an information leak or a denial of service.
(CVE-2012-3510, 2.6.18-308.16.1.el5)

* A buffer overflow flaw was found in the hfs_bnode_read() function in the
HFS Plus (HFS+) file system implementation in the Linux kernel. A local
user able to mount a specially crafted HFS+ file system image could use
this flaw to cause a denial of service or escalate their privileges.
(CVE-2012-2319, 2.6.18-308.16.1.el5)

* A flaw was found in the way the msg_namelen variable in the rds_recvmsg()
function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol
implementation was initialized. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space. (CVE-2012-3430,
2.6.18-308.16.1.el5)

* It was found that the RHSA-2010:0178 update did not correctly fix the
CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A
local, unprivileged user with the ability to mount an ext4 file system
could use this flaw to cause a denial of service. (CVE-2012-2100,
2.6.18-308.20.1.el5)

* A race condition in the way asynchronous I/O and fallocate() interacted
when using ext4 could allow a local, unprivileged user to obtain random
data from a deleted file. (CVE-2012-4508, 2.6.18-308.24.1.el5)

* A flaw in the way the Xen hypervisor implementation range checked guest
provided addresses in the XENMEM_exchange hypercall could allow a
malicious, paravirtualized guest administrator to crash the hypervisor or,
potentially, escalate their privileges, allowing them to execute arbitrary
code at the hypervisor level. (CVE-2012-5513, 2.6.18-308.24.1.el5)

* A flaw in the Reliable Datagram Sockets (RDS) protocol implementation
could allow a local, unprivileged user to cause a denial of service.
(CVE-2012-2372, 2.6.18-308.24.1.el5)

* A race condition was found in the way access to inet->opt ip_options was
synchronized in the Linux kernel's TCP/IP protocol suite implementation.
Depending on the network-facing applications running on the system, a
remote attacker could possibly trigger this flaw to cause a denial of
service. A local, unprivileged user could use this flaw to cause a denial
of service, regardless of the applications running on the system.
(CVE-2012-3552, 2.6.18-308.24.1.el5)

* The Xen hypervisor implementation did not properly restrict the period
values used to initialize per VCPU periodic timers. A privileged guest user
could cause an infinite loop on the physical CPU. If the watchdog was
enabled, it would detect said loop and panic the host system.
(CVE-2012-4535, 2.6.18-308.24.1.el5)

* A flaw in the way the Xen hypervisor implementation handled
set_p2m_entry() error conditions could allow a privileged,
fully-virtualized guest user to crash the hypervisor. (CVE-2012-4537,
2.6.18-308.24.1.el5)

* It was found that the Xen hypervisor implementation did not perform
range checking on the guest provided values in multiple hypercalls. A
privileged guest user could use this flaw to trigger long loops, leading
to a denial of service (Xen hypervisor hang). (CVE-2012-5515,
2.6.18-348.1.1.el5)

* It was found that when running a 32-bit binary that uses a large number
of shared libraries, one of the libraries would always be loaded at a
predictable address in memory. An attacker could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2012-1568, 2.6.18-348.1.1.el5)

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled overlapping, fragmented IPv6 packets. A remote attacker could
potentially use this flaw to bypass protection mechanisms (such as a
firewall or intrusion detection system (IDS)) when sending network packets
to a target system. (CVE-2012-4444, 2.6.18-348.1.1.el5)

* Buffer overflow flaws were found in the udf_load_logicalvol() function in
the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
2.6.18-348.2.1.el5)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.
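Before running vzup2date it is useful to know whether a Node is still on a kernel older than the fixed build. The following script is an added example, not part of the advisory or of the Virtuozzo tools: it parses the 028stab series and minor number out of a `uname -r` string, compares them with 2.6.18-028stab106.2, and reports whether this update applies (version strings that are not 028stab kernels, such as a plain RHEL kernel, are reported as out of scope).

```shell
#!/bin/sh
# Added example (not Parallels code): check a Virtuozzo 4.6 kernel version
# against the fixed build named in this advisory.
FIXED_VERSION="2.6.18-028stab106.2"

# Print "<stab> <minor>" for a version like 2.6.18-028stab106.2 ("106 2");
# print nothing when the string is not a 2.6.18-028stab kernel.
stab_fields() {
    echo "$1" | sed -n 's/^2\.6\.18-028stab\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1 \2/p'
}

# Exit status: 0 = older than FIXED_VERSION (update needed),
#              1 = at or above FIXED_VERSION,
#              2 = not an 028stab kernel, advisory does not apply.
needs_update() {
    set -- "$(stab_fields "$1")" "$(stab_fields "$FIXED_VERSION")"
    [ -n "$1" ] || return 2
    cur_stab=${1% *}; cur_min=${1#* }
    fix_stab=${2% *}; fix_min=${2#* }
    # test(1) compares decimally, so a series such as 093 sorts below 106
    if [ "$cur_stab" -lt "$fix_stab" ]; then return 0; fi
    if [ "$cur_stab" -eq "$fix_stab" ] && [ "$cur_min" -lt "$fix_min" ]; then
        return 0
    fi
    return 1
}

# Human-readable verdict for one version string.
report() {
    rc=0; needs_update "$1" || rc=$?
    case $rc in
        0) echo "$1: older than $FIXED_VERSION, install the update with vzup2date" ;;
        1) echo "$1: at or above $FIXED_VERSION, no action needed" ;;
        *) echo "$1: not a Virtuozzo 4.6 (028stab) kernel, advisory does not apply" ;;
    esac
}

# Check the running kernel, or a version passed as the first argument.
report "${1:-$(uname -r)}"
```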

--------------------------------------------------------------------------------

4. REFERENCES

http://rhn.redhat.com/errata/RHSA-2013-0621.html

https://www.redhat.com/security/data/cve/CVE-2012-3375.html
https://www.redhat.com/security/data/cve/CVE-2012-2313.html
https://www.redhat.com/security/data/cve/CVE-2012-2319.html
https://www.redhat.com/security/data/cve/CVE-2012-3412.html
https://www.redhat.com/security/data/cve/CVE-2012-3430.html
https://www.redhat.com/security/data/cve/CVE-2012-3510.html
https://www.redhat.com/security/data/cve/CVE-2012-2100.html
https://www.redhat.com/security/data/cve/CVE-2012-2372.html
https://www.redhat.com/security/data/cve/CVE-2012-3552.html
https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4535.html
https://www.redhat.com/security/data/cve/CVE-2012-4537.html
https://www.redhat.com/security/data/cve/CVE-2012-5513.html
https://www.redhat.com/security/data/cve/CVE-2012-1568.html
https://www.redhat.com/security/data/cve/CVE-2012-4444.html
https://www.redhat.com/security/data/cve/CVE-2012-5515.html
https://www.redhat.com/security/data/cve/CVE-2012-3400.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
