Article ID: 116614, created on Aug 1, 2013, last review on Apr 25, 2014

  • Applies to:
  • Virtuozzo hypervisor 5.0
Synopsis:          New Parallels Server Bare Metal 5.0 kernel provides
                   an update with a fix for an important stability issue.
Issue date:        2013-08-01
Product:           Parallels Server Bare Metal 5.0
Keywords:          'bugfix' 'stability' 'security'
This document provides information on the new Parallels Server Bare Metal 5.0
kernel, version 2.6.32-042stab079.4.
1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References
The current update for the Parallels Server Bare Metal 5.0 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.4 kernel (2.6.32-358.14.1.el6).
The updated kernel includes a number of security, performance, and stability
This update contains fixes for the following issues:
* Information leak flaws in the ploop and quota kernel code could allow a local,
  unprivileged user to leak kernel memory to user space. (PSBM-20690,

* A kernel BUG could be triggered in the nf_nat_setup_info() function under
  certain circumstances. (PCLIN-31920)
* Creation of nested pid namespaces inside Containers was disabled. (PSBM-20670)
* "Holy Crap X" debug messages previously printed by the checkpoint code were
  replaced with user-friendly reports.
* The issues with Parallels Virtuozzo Containers 4.7 kernel compilation with gcc
  4.5 compiler were eliminated.
* The ARAT feature bit is now set for AMD CPUs. This improves performance on AMD
  Opteron 62xx-based systems.
* The NFS server kernel code was enhanced to return file system superblock time
  granularity on FSINFO request. This enhancement provides a performance boost
  because inodes are not revalidated most of the time. The performance increase
  can be gained only if the NFS server node runs the Parallels Virtuozzo
  Containers 4.7 kernel and the filesystem exported by the NFS server resides on
  an ext4 filesystem. (PCLIN-31863)
* The tcpsndbuf resource counter leak was eliminated. It produced messages like
  "Ub 17843 helds 13080 in tcpsndbuf on put" on Container stops. The issue was
  not a real memory leak, just a counter malfunction. (PCLIN-31931)
* The online permission restrictions for devices provided to Containers were
  corrected. (PSBM-19097)
* Collisions of inode numbers could cause kernel panic on node reboot, if the
  node used the Rebootless Kernel Update feature. (PCLIN-31948)
* A new per-node '' sysctl was introduced. It allows customizing
  the per-Container limit for allowed mount points (4096 by default).
* The issue with license synchronization between different components of
  Parallels products was fixed. (PSBM-20179)

* A Container could fail to restart because of an issue in the
  synchronize_mapping_faults() function which could cause a deadlock.
* The number of processes which reside in the uninterruptible sleep state could
  be reported incorrectly if a Container was suspended with stopped processes
  inside. This issue did not affect the real node load, but indirectly affected
  the load average reported by the system. (PSBM-21154)
* Kernel scheduler optimizations, made on the assumption that there are no
  nested Containers, improved overall node performance, especially for
  Containers with CPU limits configured that reside on NFS volumes. (PSBM-20273)
Parallels would like to thank Jonathan Salwan of Sysdream Security Laboratory
for reporting CVE-2013-2239.
You can download and install this kernel update using the vzup2date utility
included in the Parallels Server Bare Metal 5.0 distribution set.
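
To confirm that a node is running this update, the following added example (not part of the original article and not Parallels code) compares a kernel release string, such as the output of uname -r, with 2.6.32-042stab079.4. The function names, the sample strings, and the ordering rule (build number, then minor number, within the same stab line) are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: releases in the same
# NNNstab line order numerically by build, then by minor number.
FIXED_RELEASE="2.6.32-042stab079.4"   # kernel version named in this article

# Split "2.6.32-042stab079.4" into "base line build minor" (decimal).
# Prints nothing for strings in any other format.
parse_stab() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]+\.[0-9]+\.[0-9]+)-0*([0-9]+)stab0*([0-9]+)(\.0*([0-9]+))?.*$/\1 \2 \3 \5/p'
}

# Returns 0: at or above FIXED_RELEASE, 1: older, 2: not comparable.
kernel_has_update() {
    cur=$(parse_stab "$1")
    fix=$(parse_stab "$FIXED_RELEASE")
    [ -n "$cur" ] || return 2
    set -- $cur; cbase=$1 cline=$2 cbuild=$3 cminor=${4:-0}
    set -- $fix; fbase=$1 fline=$2 fbuild=$3 fminor=${4:-0}
    # A different base version or stab line is a different kernel series.
    [ "$cbase" = "$fbase" ] && [ "$cline" -eq "$fline" ] || return 2
    [ "$cbuild" -gt "$fbuild" ] && return 0
    [ "$cbuild" -lt "$fbuild" ] && return 1
    [ "$cminor" -ge "$fminor" ]
}

# Constructed sample strings, then the kernel this host is running.
for rel in "2.6.32-042stab079.3" "2.6.32-042stab079.4" "2.6.32-042stab080.1" \
           "2.6.32-358.14.1.el6.x86_64" "$(uname -r)"; do
    rc=0; kernel_has_update "$rel" || rc=$?
    case $rc in
        0) echo "$rel: at or above $FIXED_RELEASE" ;;
        1) echo "$rel: older than $FIXED_RELEASE, update still needed" ;;
        *) echo "$rel: not comparable (different kernel series)" ;;
    esac
done
```
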
Copyright (c) 1999-2013 Parallels IP Holdings GmbH and its affiliates. All
rights reserved.
