Article ID: 116026, created on Apr 26, 2013, last review on May 10, 2014

  • Applies to:
  • Virtuozzo 6.0
-----------------------------------------------------------------------
Synopsis:          New Parallels Cloud Server 6.0 kernel provides
                   an update with security and stability fixes.
Product:           Parallels Cloud Server 6.0
Keywords:          "bugfix" "stability" "security"

-----------------------------------------------------------------------

This document provides information on the new Parallels Cloud Server 6.0 kernel, version 2.6.32-042stab076.7.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Cloud Server 6.0 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.22.1.el6).
The updated kernel includes a number of security and stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* An integer overflow flaw, leading to a heap-based buffer overflow, was
  found in the way the Intel i915 driver in the Linux kernel handled the
  allocation of the buffer used for relocation copies. A local user with
  console access could use this flaw to cause a denial of service or escalate
  their privileges. (CVE-2013-0913, Important)

* A buffer overflow flaw was found in the way UTF-8 characters were
  converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's
  FAT file system implementation. A local user able to mount a FAT file system
  with the "utf8=1" option could use this flaw to crash the system or,
  potentially, to escalate their privileges. (CVE-2013-1773, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer
  dereference, was found in the key management facility. A local, unprivileged
  user could use this flaw to cause a denial of service. (CVE-2013-1792,
  Moderate)

* A NULL pointer dereference in the XFRM implementation could allow a local
  user who has the CAP_NET_ADMIN capability to cause a denial of service.
  (CVE-2013-1826, Moderate)

* A NULL pointer dereference in the Datagram Congestion Control Protocol
  (DCCP) implementation could allow a local user to cause a denial of service.
  (CVE-2013-1827, Moderate)

* Information leak flaws in the XFRM implementation could allow a local
  user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
  user space. (CVE-2012-6537, Low)

* Two information leak flaws in the Asynchronous Transfer Mode (ATM)
  subsystem could allow a local, unprivileged user to leak kernel stack memory
  to user space. (CVE-2012-6546, Low)

* An information leak was found in the TUN/TAP device driver in the
  networking implementation. A local user with access to a TUN/TAP virtual
  interface could use this flaw to leak kernel stack memory to user space.
  (CVE-2012-6547, Low)

* An information leak in the Bluetooth implementation could allow a local
  user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
  user space. (CVE-2013-0349, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local user
  able to mount and unmount a tmpfs file system could use this flaw to cause a
  denial of service or, potentially, escalate their privileges.
  (CVE-2013-1767, Low)

* A NULL pointer dereference was found in the Linux kernel's USB Inside Out
  Edgeport Serial Driver implementation. An attacker with physical access to a
  system could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

* An ext4 file system resize by a small value could cause a kernel panic.
  (PSBM-19624)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the "yum" utility included
in the Parallels Cloud Server 6.0 distribution set. The new kernel takes effect
only after the node is rebooted into it; compare the output of "uname -r" with
2.6.32-042stab076.7 to confirm that the running kernel contains these fixes.
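The following shell script is an added example for this section; it is not part of the original article and not a Parallels tool. It decides whether a node is already running a 042stab kernel at least as new as 2.6.32-042stab076.7 (the stab number is compared numerically, so later releases in the series also count as fixed) and otherwise points at the update and the reboot it needs. Two assumptions are made: that the kernel package is named "vzkernel", and that "uname -r" reports the "2.6.32-042stabNNN.M" form used in the article.

```shell
#!/bin/sh
# Added example, not part of the original article or of Parallels' tooling:
# decide whether a Parallels Cloud Server 6.0 node is running a kernel that
# already contains this update (2.6.32-042stab076.7 or later in the 042stab
# series), so the yum update and the reboot it needs are neither skipped nor
# repeated. Assumptions: the kernel package is named "vzkernel" (assumption;
# check with `rpm -qa 'vzkernel*'`), and `uname -r` reports the
# "2.6.32-042stabNNN.M" form shown in the article.

FIXED="2.6.32-042stab076.7"

# stab_key: print "NNN M" for a "...stabNNN.M[...]" kernel string, with
# leading zeros stripped so the shell compares them as decimal numbers.
stab_key() {
    suffix=${1#*stab}                    # "076.7" or "076.7.x86_64"
    major=${suffix%%.*}                  # "076"
    case "$suffix" in
        *.*) rest=${suffix#*.}; minor=${rest%%.*} ;;   # "7"
        *)   minor=0 ;;
    esac
    major=$(printf '%s' "$major" | sed 's/^0*//')
    minor=$(printf '%s' "$minor" | sed 's/^0*//')
    printf '%s %s\n' "${major:-0}" "${minor:-0}"
}

# kernel_is_fixed VERSION: exit status 0 if VERSION is a 042stab kernel at
# least as new as $FIXED, 1 otherwise (including non-Virtuozzo kernels such
# as a plain RHEL 6 kernel string).
kernel_is_fixed() {
    case "$1" in
        *-042stab*) ;;
        *) return 1 ;;
    esac
    set -- $(stab_key "$1") $(stab_key "$FIXED")   # $1 $2 running, $3 $4 fixed
    [ "$1" -gt "$3" ] && return 0
    [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ] && return 0
    return 1
}

# report: compare the running kernel with the fixed one and say what to do.
report() {
    running=$(uname -r)
    if kernel_is_fixed "$running"; then
        echo "running kernel $running already includes the 042stab076.7 fixes"
    else
        echo "running kernel $running predates $FIXED"
        echo "update with:  yum update vzkernel      # package name is an assumption"
        echo "the new kernel takes effect only after rebooting into it; re-run this check afterwards"
    fi
}

report
```

Run it once before the update and once after the reboot: a node whose "uname -r" still reports an older stab release after "yum" has finished has installed the package but is still running the vulnerable kernel.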

--------------------------------------------------------------------------------

4. REFERENCES

http://rhn.redhat.com/errata/RHSA-2013-0744.html

https://www.redhat.com/security/data/cve/CVE-2012-6537.html
https://www.redhat.com/security/data/cve/CVE-2012-6546.html
https://www.redhat.com/security/data/cve/CVE-2012-6547.html
https://www.redhat.com/security/data/cve/CVE-2013-0349.html
https://www.redhat.com/security/data/cve/CVE-2013-0913.html
https://www.redhat.com/security/data/cve/CVE-2013-1767.html
https://www.redhat.com/security/data/cve/CVE-2013-1773.html
https://www.redhat.com/security/data/cve/CVE-2013-1774.html
https://www.redhat.com/security/data/cve/CVE-2013-1792.html
https://www.redhat.com/security/data/cve/CVE-2013-1826.html
https://www.redhat.com/security/data/cve/CVE-2013-1827.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
