Article ID: 118370, created on Nov 1, 2013, last review on Apr 26, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.6
-----------------------------------------------------------------------
Synopsis:          The new Parallels Virtuozzo Containers 4.6 kernel
                   provides an update with security and stability fixes.
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          'bugfix' 'security'

-----------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.6 kernel,
version 2.6.18-028stab109.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Virtuozzo Containers 4.6 kernel provides
a new kernel based on the Red Hat Enterprise Linux 5.10 kernel 
(2.6.18-371.el5). The updated kernel includes a number of security and
stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

The new kernel includes a number of security fixes from Red Hat Enterprise
Linux 5 kernels:

- A use-after-free flaw was found in the madvise() system call
  implementation in the Linux kernel. A local, unprivileged user could use
  this flaw to cause a denial of service or, potentially, escalate their
  privileges. (CVE-2012-3511, 2.6.18-348.18.1.el5)

- A flaw was found in the way the Linux kernel's TCP/IP protocol suite
  implementation handled IPv6 sockets that used the UDP_CORK option. A local,
  unprivileged user could use this flaw to cause a denial of service.
  (CVE-2013-4162, 2.6.18-348.18.1.el5)

- An information leak flaw in the Linux kernel could allow a local,
  unprivileged user to leak kernel memory to user-space.
  (CVE-2013-2141, 2.6.18-348.18.1.el5)

- It was found that a deadlock could occur in the Out of Memory (OOM)
  killer. A process could trigger this deadlock by consuming a large amount
  of memory, and then causing request_module() to be called. A local,
  unprivileged user could use this flaw to cause a denial of service
  (excessive memory consumption). (CVE-2012-4398, 2.6.18-371.el5)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.
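
To confirm that a node is actually running the fixed build, the following
added example (not part of the original article and not Parallels code)
compares a kernel release string with 2.6.18-028stab109.2. The function names
are hypothetical, and the optional flavour suffix (for example "-ent") and the
restriction to the 2.6.18-028stab line are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a Virtuozzo 4.6 kernel release string with the
# fixed build named in this article. Function names are hypothetical.
FIXED_RELEASE="2.6.18-028stab109.2"

# Split "2.6.18-028stab109.2[-flavour]" into "base branch stab minor".
# Prints nothing and fails if the string does not have that shape
# (the "-flavour" suffix is an assumption of this example).
vz_parse_release() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]+\.[0-9]+\.[0-9]+)-([0-9]+)stab([0-9]+)\.([0-9]+)(-.*)?$/\1 \2 \3 \4/p' \
        | grep .
}

# Return 0 if the release is at or above the fixed build, 1 if it is older,
# 2 if it is not a kernel of the same 2.6.18-028stab line (not comparable).
vz_kernel_is_fixed() {
    cur=$(vz_parse_release "$1") || return 2
    fix=$(vz_parse_release "$FIXED_RELEASE") || return 2
    # $1..$4 = current base/branch/stab/minor, $5..$8 = fixed build
    set -- $cur $fix
    [ "$1" = "$5" ] && [ "$2" = "$6" ] || return 2
    [ "$3" -gt "$7" ] && return 0
    [ "$3" -eq "$7" ] && [ "$4" -ge "$8" ] && return 0
    return 1
}

# Print a one-line verdict for a release string.
vz_report() {
    rc=0
    vz_kernel_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED_RELEASE" ;;
        1) echo "$1: older than $FIXED_RELEASE, update still needed" ;;
        *) echo "$1: not a 2.6.18-028stab kernel, not comparable" ;;
    esac
}

# Check the release given as the first argument, or the running kernel.
vz_report "${1:-$(uname -r)}"
```

Without an argument the script checks the running kernel, so a node where the
update is installed but which has not yet been rebooted into it still reports
the old build.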

--------------------------------------------------------------------------------

4. REFERENCES

http://rhn.redhat.com/errata/RHSA-2013-1292.html
http://rhn.redhat.com/errata/RHSA-2013-1348.html

https://www.redhat.com/security/data/cve/CVE-2012-3511.html
https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-4162.html
https://www.redhat.com/security/data/cve/CVE-2012-4398.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.
