Article ID: 116010, created on Apr 24, 2013, last review on May 11, 2014

Applies to: Virtuozzo containers for Linux 4.6
-----------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.6 kernel
                   provides an update with security fixes.
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          "bugfix" "security"

-----------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo Containers 4.6 kernel, version 2.6.18-028stab107.1.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.6 kernel provides a
new kernel based on the Red Hat Enterprise Linux 5.9 kernel (2.6.18-348.4.1.el5).
The updated kernel includes a number of security fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* A flaw was found in the Xen netback driver implementation in the Linux
kernel. A privileged guest user with access to a paravirtualized network
device could use this flaw to cause a long loop in netback, leading to a
denial of service that could potentially affect the entire system.
(CVE-2013-0216)

* A flaw was found in the Xen PCI device back-end driver implementation in
the Linux kernel. A privileged guest user in a guest that has a PCI
passthrough device could use this flaw to cause a denial of service that
could potentially affect the entire system. (CVE-2013-0231)

* A NULL pointer dereference flaw was found in the IP packet transformation
framework (XFRM) implementation in the Linux kernel. A local user with the
CAP_NET_ADMIN capability could use this flaw to cause a denial of service. 
(CVE-2013-1826)

* Information leak flaws were found in the XFRM implementation in the
Linux kernel. A local user with the CAP_NET_ADMIN capability could use
these flaws to leak kernel stack memory to user space. (CVE-2012-6537)

* An information leak flaw was found in the logical link control (LLC)
implementation in the Linux kernel. A local, unprivileged user could use
this flaw to leak kernel stack memory to user space. (CVE-2012-6542)

* Two information leak flaws were found in the Linux kernel's Asynchronous
Transfer Mode (ATM) subsystem. A local, unprivileged user could use these
flaws to leak kernel stack memory to user space. (CVE-2012-6546)

* An information leak flaw was found in the TUN/TAP device driver in the
Linux kernel's networking implementation. A local user with access to a
TUN/TAP virtual interface could use this flaw to leak kernel stack memory
to user space. (CVE-2012-6547) 

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the "vzup2date" utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.
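
One way to confirm after the update that a node is running the fixed build. This is an added example, not part of the original article or of the Parallels tooling; it assumes the release string reported by "uname -r" has the form <base>-<branch>stab<build>.<rev>, as in the version named in this document.

```shell
#!/bin/sh
# Added example: compare a kernel release string against the fixed build
# named in this article. Assumed format: <base>-<branch>stab<build>.<rev>[suffix]

FIXED="2.6.18-028stab107.1"

# Print "branch build rev" as decimal numbers (leading zeros stripped).
# Prints nothing when the string is not a stab-style release.
parse_stab() {
    printf '%s\n' "$1" | sed -n \
        's/^[0-9.]*-0*\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# Return 0 if release $1 is at or above FIXED, 1 if it is older,
# 2 if it is not a release of the same stab branch (not comparable).
kernel_is_fixed() {
    cur=$(parse_stab "$1")
    ref=$(parse_stab "$FIXED")
    if [ -z "$cur" ]; then return 2; fi
    # Intentional word splitting: $1..$3 = current, $4..$6 = fixed build.
    set -- $cur $ref
    if [ "$1" -ne "$4" ]; then return 2; fi
    if [ "$2" -ne "$5" ]; then
        if [ "$2" -gt "$5" ]; then return 0; else return 1; fi
    fi
    if [ "$3" -ge "$6" ]; then return 0; else return 1; fi
}

# Run with --check to test the running kernel; the exit status is the
# return value described above.
if [ "${1:-}" = "--check" ]; then
    rel=$(uname -r); rc=0
    kernel_is_fixed "$rel" || rc=$?
    case $rc in
        0) echo "$rel: at or above $FIXED" ;;
        1) echo "$rel: older than $FIXED, update required" ;;
        *) echo "$rel: not a 028stab release, cannot compare" ;;
    esac
    exit "$rc"
fi
```

A node that was updated but not yet rebooted still reports the old release, so the check is meaningful only after the new kernel has been booted.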

--------------------------------------------------------------------------------

4. REFERENCES

https://www.redhat.com/security/data/cve/CVE-2013-0216.html
https://www.redhat.com/security/data/cve/CVE-2013-0231.html
https://www.redhat.com/security/data/cve/CVE-2013-1826.html 
https://www.redhat.com/security/data/cve/CVE-2012-6537.html
https://www.redhat.com/security/data/cve/CVE-2012-6542.html
https://www.redhat.com/security/data/cve/CVE-2012-6546.html
https://www.redhat.com/security/data/cve/CVE-2012-6547.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
