Article ID: 120511, created on Mar 12, 2014, last review on May 11, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7
-----------------------------------------------------------------------
Synopsis:          A new Parallels Virtuozzo Containers for Linux 4.7
                   kernel update addressing security, performance, and
                   stability issues.
Product:           Parallels Virtuozzo Containers for Linux 4.7
Keywords:          'bugfix' 'stability' 'security'

-----------------------------------------------------------------------

This document provides information on the new Parallels Virtuozzo
Containers for Linux 4.7 kernel, version 2.6.32-042stab085.17.

-----------------------------------------------------------------------
CONTENTS

1. About This Update
2. Update Description
3. Obtaining the New Kernel
4. References

-----------------------------------------------------------------------

1. ABOUT THIS UPDATE

The current update for the Parallels Virtuozzo Containers for Linux 4.7
kernel provides a new kernel based on the Red Hat Enterprise Linux 6.5
kernel (2.6.32-431.1.2.el6). The updated kernel includes a number of
security, performance, and stability fixes.

-----------------------------------------------------------------------

2. UPDATE DESCRIPTION

This update includes the following fixes and improvements:

* The OOMGUARPAGES failcounter sometimes may not be updated in case the
OOM killer enters the "berserker" mode. (PCLIN-32154)

* Under certain circumstances, the network may be flooded by UDP unicast
packets amplified by Containers working in the "bridged" mode.
(PSBM-24469)

* The UID/GID of UNIX sockets created on tmpfs filesystem could be
restored incorrectly after online Container migration which could
cause application failures. (PSBM-25014)

* Under certain conditions, file checksums can be calculated
incorrectly, causing pfcache to malfunction. (PSBM-23774)

* An online migration of a long-living ploop-based Container could lead
to a kernel panic on the destination Node caused by improper ploop
version detection. (PSBM-24408)

* Previously, a process inside a Container which tried to allocate more
than half of RAM provided to that Container was usually killed by the
SIGBUS signal. This behavior was correct but not user-friendly enough.
The improved algorihtm checks the amount of free shared memory in
advance and returns -ENOSPC to the requester instead. (PSBM-23408,
OVZ# 2805)

* Client cannot connect to Parallels Power Panel on port 4643 with a
lower-than-1500-MTU router. Such connections hang. (PSBM-24217)

* Under certain conditions, the Container backup and online migration
operations could cause a kernel panic in the ext4 code in case /vz was
mounted without journal. (PCLIN-32263)

-----------------------------------------------------------------------

3. OBTAINING THE NEW KERNEL

You can download and install this kernel update using the vzup2date
utility included in the Parallels Virtuozzo Containers for Linux 4.7
distribution set.

-----------------------------------------------------------------------

4. REFERENCES

https://rhn.redhat.com/errata/RHSA-2013-1801.html

https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-4470.html
https://www.redhat.com/security/data/cve/CVE-2013-6367.html
https://www.redhat.com/security/data/cve/CVE-2013-6368.html

-----------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.

0c05f0c76fec3dd785e9feafce1099a9 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF