Article ID: 117060, created on Sep 2, 2013, last review on May 7, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.6
-----------------------------------------------------------------------
Synopsis:          The new Parallels Virtuozzo Containers 4.6 kernel
                   provides an update with security and stability fixes.
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          'bugfix' 'security'

-----------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.6 kernel,
version 2.6.18-028stab108.1.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.6 kernel provides
a new kernel based on the Red Hat Enterprise Linux 5.9 kernel 
(2.6.18-348.16.1.el5). The updated kernel includes a number of security and
stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

- Kernel crash in ub_skb_uncharge (PCLIN-32014).

- Kernel crash in venet_ext_lookup (PCLIN-32022).

- Affected Container IDs missing from SYN flood warning messages (PCLIN-31975).

The new kernel includes a number of security fixes from Red Hat Enterprise
Linux 5 kernels:

- A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled
  interrupt remapping entries. By default, a single interrupt remapping table is
  used, and old interrupt remapping entries are not cleared, potentially
  allowing a privileged guest user in a guest that has a passed-through,
  bus-mastering capable PCI device to inject interrupt entries into other
  guests, including the privileged management domain (Dom0), leading to a denial
  of service. (CVE-2013-0153, 2.6.18-348.6.1.el5)

- Information leaks in the Linux kernel could allow a local, unprivileged user
  to leak kernel memory to user-space. (CVE-2012-6544, CVE-2012-6545,
  CVE-2013-3222, CVE-2013-3224, CVE-2013-3231, CVE-2013-3235,
  2.6.18-348.12.1.el5)

- An information leak was found in the Linux kernel's POSIX signals
  implementation. A local, unprivileged user could use this flaw to bypass
  the Address Space Layout Randomization (ASLR) security feature.
  (CVE-2013-0914, 2.6.18-348.12.1.el5)

- A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the
  vital product data (VPD) of devices could allow an attacker with physical
  access to a system to cause a denial of service or, potentially, escalate
  their privileges. (CVE-2013-1929, 2.6.18-348.12.1.el5)

- A flaw was found in the way the Linux kernel's Stream Control Transmission
  Protocol (SCTP) implementation handled duplicate cookies. If a local user
  queried SCTP connection information at the same time a remote attacker has
  initialized a crafted SCTP connection to the system, it could trigger a NULL
  pointer dereference, causing the system to crash.
  (CVE-2013-2206, 2.6.18-348.16.1.el5)

- An invalid pointer dereference flaw was found in the Linux kernel's TCP/IP
  protocol suite implementation. A local, unprivileged user could use this flaw
  to crash the system or, potentially, escalate their privileges on the system
  by using sendmsg() with an IPv6 socket connected to an IPv4 destination.
  (CVE-2013-2232, 2.6.18-348.16.1.el5)

- Information leak flaws in the Linux kernel could allow a privileged, local
  user to leak kernel memory to user-space. (CVE-2013-2164, CVE-2013-2147,
  CVE-2013-2234, CVE-2013-2237, 2.6.18-348.16.1.el5)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.
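
The fixes apply only once the node has booted into the updated kernel, so it is worth checking the running release string against the fixed build. The script below is an added example, not part of the original advisory or of Parallels' tooling. It assumes that `uname -r` on the node reports the release in the layout shown above (2.6.18-028stab108.1, optionally followed by a suffix), and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): is a kernel release string at or above
# the fixed build named in this advisory?
FIXED_KERNEL="2.6.18-028stab108.1"

# kernel_is_patched RELEASE
# Status 0: at or above the fixed build. Status 1: older build.
# Status 2: not <base>-<branch>stab<major>.<minor>[suffix], or a different
# base or branch, where no ordering is assumed.
kernel_is_patched() {
    printf '%s\n%s\n' "$FIXED_KERNEL" "$1" | awk '
        # Validate the layout, then fill f[] with the four components.
        function parse(s, f,    p, v) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+stab[0-9]+\.[0-9]+/)
                return 0
            split(s, p, /-|stab/)       # "2.6.18", "028", "108.1", ...
            split(p[3], v, ".")
            f["base"] = p[1]; f["branch"] = p[2]
            f["major"] = v[1] + 0       # +0 forces decimal, so "092" is 92
            f["minor"] = v[2] + 0
            return 1
        }
        NR == 1 { if (!parse($0, fix)) exit 2; next }
        NR == 2 {
            if (!parse($0, cur)) exit 2
            if (cur["base"] != fix["base"] || cur["branch"] != fix["branch"])
                exit 2
            if (cur["major"] != fix["major"])
                exit (cur["major"] < fix["major"])
            exit (cur["minor"] < fix["minor"])
        }'
}

# Check the kernel that is actually running, not just the installed package.
running=$(uname -r)
rc=0; kernel_is_patched "$running" || rc=$?
case $rc in
    0) echo "$running: at or above $FIXED_KERNEL" ;;
    1) echo "$running: older than $FIXED_KERNEL" ;;
    *) echo "$running: not comparable with $FIXED_KERNEL" ;;
esac
```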

--------------------------------------------------------------------------------

4. REFERENCES

http://rhn.redhat.com/errata/RHSA-2013-0847.html
http://rhn.redhat.com/errata/RHSA-2013-1034.html
http://rhn.redhat.com/errata/RHSA-2013-1166.html

https://www.redhat.com/security/data/cve/CVE-2012-6544.html
https://www.redhat.com/security/data/cve/CVE-2012-6545.html
https://www.redhat.com/security/data/cve/CVE-2013-0153.html
https://www.redhat.com/security/data/cve/CVE-2013-1929.html
https://www.redhat.com/security/data/cve/CVE-2013-2164.html
https://www.redhat.com/security/data/cve/CVE-2013-2147.html
https://www.redhat.com/security/data/cve/CVE-2013-2206.html
https://www.redhat.com/security/data/cve/CVE-2013-2232.html
https://www.redhat.com/security/data/cve/CVE-2013-2234.html
https://www.redhat.com/security/data/cve/CVE-2013-2237.html
https://www.redhat.com/security/data/cve/CVE-2013-3222.html
https://www.redhat.com/security/data/cve/CVE-2013-3224.html
https://www.redhat.com/security/data/cve/CVE-2013-3231.html
https://www.redhat.com/security/data/cve/CVE-2013-3235.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.
