Article ID: 119272, created on Dec 23, 2013, last review on May 1, 2014

Applies to: Virtuozzo hypervisor 5.0

-----------------------------------------------------------------------
Synopsis:          A new Parallels Server Bare Metal 5.0 kernel update
                   addressing security issues.
Product:           Parallels Server Bare Metal 5.0
Keywords:          'security'

-----------------------------------------------------------------------

This document provides information on the new Parallels Server Bare Metal 5.0
kernel, version 2.6.32-042stab084.14.

--------------------------------------------------------------------------------
CONTENTS

1. About This Update
2. Update Description
3. Obtaining the New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS UPDATE

The current update for the Parallels Server Bare Metal 5.0 kernel provides a
new kernel based on the Red Hat Enterprise Linux 6.4 kernel
(2.6.32-358.23.2.el6). The updated kernel includes a number of security fixes.

--------------------------------------------------------------------------------

2. UPDATE DESCRIPTION

This update includes the following fixes and improvements:

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
  implementation handled sending of certain UDP packets over sockets that used
  the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature was
  enabled on the output device. A local, unprivileged user could use this flaw
  to cause a denial of service or, potentially, escalate their privileges on
  the system. (CVE-2013-4470)

* An information leak flaw in the Linux kernel could allow a local, unprivileged
  user to leak kernel memory to user space. (CVE-2013-2141)

--------------------------------------------------------------------------------

3. OBTAINING THE NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Server Bare Metal 5.0 distribution set.
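
A check an administrator might run after vzup2date to confirm that the running
kernel is at or above the fixed release named in this document. This is an added
example, not part of the original Parallels notice: the function names are
illustrative, and it assumes the 042stabNNN.M numbering orders releases.

```shell
#!/bin/sh
# Added example: compare a kernel release string against the fixed release
# from this advisory. Function names are illustrative.
FIXED_RELEASE="2.6.32-042stab084.14"

# Print "<stab> <minor>" for a release such as 2.6.32-042stab084.14.
# Leading zeros are stripped so "084" is not parsed as invalid octal.
stab_pair() {
    printf '%s\n' "$1" |
        sed -n 's/^.*stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2/p'
}

# Exit status: 0 = at or above the fixed release, 1 = older,
# 2 = not a 2.6.32-042stab kernel, so no comparison is made.
kernel_is_fixed() {
    rel=${1:-$(uname -r)}
    case $rel in
        2.6.32-042stab*) ;;
        *) return 2 ;;
    esac
    cur=$(stab_pair "$rel")
    want=$(stab_pair "$FIXED_RELEASE")
    if [ -z "$cur" ]; then return 2; fi
    # Word splitting is intended: $1 $2 = current, $3 $4 = fixed.
    set -- $cur $want
    if [ "$1" -gt "$3" ]; then return 0; fi
    if [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; then return 0; fi
    return 1
}

# Human-readable report for the running kernel (or a release passed as $1).
report_kernel() {
    rc=0
    kernel_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "OK: ${1:-$(uname -r)} is at or above $FIXED_RELEASE" ;;
        1) echo "UPDATE NEEDED: ${1:-$(uname -r)} is older than $FIXED_RELEASE" ;;
        *) echo "UNKNOWN: ${1:-$(uname -r)} is not a 2.6.32-042stab kernel" ;;
    esac
    return $rc
}

report_kernel "${1:-}" || true
```

Run it with no argument on the host after rebooting into the updated kernel; a
release string can also be passed as the first argument to check a recorded value.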

--------------------------------------------------------------------------------

4. REFERENCES

https://rhn.redhat.com/errata/RHSA-2013-1801.html

https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-4470.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels IP Holdings GmbH and its affiliates. All
rights reserved.
