Article ID: 120649, created on Mar 21, 2014, last review on May 11, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7
--------------------------------------------------------------------------------
Synopsis:        A new Parallels Virtuozzo Containers for Linux 4.7 kernel  update addressing a security issue.
Issue date:      2014-03-22
Product:           Parallels Virtuozzo Containers for Linux 4.7
Keywords:       'bugfix' 'security'
 
--------------------------------------------------------------------------------
 
This document provides information on the new Parallels Virtuozzo Containers for Linux 4.7 kernel, version 2.6.32-042stab085.20.
 
--------------------------------------------------------------------------------
CONTENTS
 
1. About This Update
2. Update Description
3. Obtaining the New Kernel
 
--------------------------------------------------------------------------------
 
1. ABOUT THIS UPDATE
 
The current update for the Parallels Virtuozzo Containers for Linux 4.7 kernel provides a new kernel based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.1.2.el6). The updated kernel includes a security fix.
 
--------------------------------------------------------------------------------
 
2. UPDATE DESCRIPTION
 
This update includes the following fix:
 
* A bug in the VFS lookup code could cause a kernel panic.  (PSBM-25537)
 
* A bug in the nf_conntrack_dccp code could result in copying the data into an actual buffer that sits on the stack.
 
  A remote attacker could use this flaw (with a possibly malformed DCCP packet) to crash the system or, potentially, escalate their privileges on the system.  (PSBM-25685)
 
--------------------------------------------------------------------------------
 
3. OBTAINING THE NEW KERNEL
 
You can download and install this kernel update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.7 distribution set.
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.
 

0c05f0c76fec3dd785e9feafce1099a9 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF