Article ID: 120833, created on Apr 1, 2014, last review on May 9, 2014

Applies to:
  • Virtuozzo containers for Linux 4.6
--------------------------------------------------------------------------------
Synopsis:          The new Parallels Virtuozzo Containers 4.6 kernel provides
                   an update with security and stability fixes.
Issue date:        2014-03-30
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          'bugfix' 'security'
 
--------------------------------------------------------------------------------
 
This document provides information on the new Parallels Virtuozzo Containers 4.6
kernel, version 2.6.18-028stab112.3.
 
--------------------------------------------------------------------------------
TABLE OF CONTENTS
 
1. About This Release
2. Updates Description
3. Obtaining the New Kernel
4. References
 
--------------------------------------------------------------------------------
 
1. ABOUT THIS RELEASE
 
The current update for the Parallels Virtuozzo Containers 4.6 kernel provides
a new kernel based on the Red Hat Enterprise Linux 5.10 kernel 
(2.6.18-371.6.1.el5). The updated kernel includes a number of security and
stability fixes.
 
--------------------------------------------------------------------------------
 
2. UPDATES DESCRIPTION
 
This update fixes the following issues:
 
- The futex subcommand (FUTEX_WAIT_BITSET & FUTEX_CLOCK_REALTIME) is broken in
  the 028stab110 kernel. (OVZ-2779)
 
- Cycle in skb_charge_datalen(). (PCLIN-32376)
 
The new kernel includes a number of security fixes from Red Hat Enterprise
Linux 5 kernels:
 
- [xen] It was found that the Xen hypervisor did not always lock
  'page_alloc_lock' and 'grant_table.lock' in the same order. This could
  potentially lead to a deadlock. A malicious guest administrator could use
  this flaw to cause a denial of service on the host.
  (CVE-2013-4494, 2.6.18-371.4.1.el5)
 
- [s390] A buffer overflow flaw was found in the way the qeth_snmp_command()
  function in the Linux kernel's QETH network device driver implementation
  handled SNMP IOCTL requests with an out-of-bounds length. A local,
  unprivileged user could use this flaw to crash the system or, potentially,
  escalate their privileges on the system.
  (CVE-2013-6381, 2.6.18-371.6.1.el5)
 
- A flaw was found in the way the ipc_rcu_putref() function in the Linux
  kernel's IPC implementation handled reference counter decrementing.
  A local, unprivileged user could use this flaw to trigger an Out of Memory
  (OOM) condition and, potentially, crash the system.
  (CVE-2013-4483, 2.6.18-371.6.1.el5)
 
- [xen] It was found that the Xen hypervisor implementation did not correctly
  check privileges of hypercall attempts made by HVM guests, allowing
  hypercalls to be invoked from protection rings 1 and 2 in addition to
  ring 0. A local attacker in an HVM guest able to execute code on privilege
  levels 1 and 2 could potentially use this flaw to further escalate their
  privileges in that guest. Note: Xen HVM guests running unmodified versions
  of Red Hat Enterprise Linux and Microsoft Windows are not affected by this
  issue because they are known to only use protection rings 0 (kernel) and 3
  (userspace). (CVE-2013-4554, 2.6.18-371.6.1.el5)
 
- A flaw was found in the way the Linux kernel's Adaptec RAID controller
  (aacraid) checked permissions of compat IOCTLs. A local attacker could use
  this flaw to bypass intended security restrictions.
  (CVE-2013-6383, 2.6.18-371.6.1.el5)
 
- [xen] It was found that, under specific circumstances, a combination of write
  operations to write-combined memory and locked CPU instructions may cause a
  core hang on certain AMD CPUs (for more information, refer to AMD CPU
  erratum 793 linked in the References section). A privileged user in a guest
  running under the Xen hypervisor could use this flaw to cause a denial of
  service on the host system. This update adds a workaround to the Xen
  hypervisor implementation, which mitigates the AMD CPU issue. Note: this
  issue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs
  are not vulnerable. (CVE-2013-6885, 2.6.18-371.6.1.el5)
 
- It was found that certain protocol handlers in the Linux kernel's
  networking implementation could set the addr_len value without initializing
  the associated data structure. A local, unprivileged user could use this
  flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
  and recvmmsg system calls. (CVE-2013-7263, 2.6.18-371.6.1.el5)
 
- A flaw was found in the way the get_dumpable() function return value was
  interpreted in the ptrace subsystem of the Linux kernel. When
  'fs.suid_dumpable' was set to 2, a local, unprivileged user could
  use this flaw to bypass intended ptrace restrictions and obtain
  potentially sensitive information. (CVE-2013-2929, 2.6.18-371.6.1.el5)
 
--------------------------------------------------------------------------------
 
3. OBTAINING THE NEW KERNEL
 
You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.
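
To confirm that a node has booted the updated kernel, its release string can be
compared against the fixed build, and the fs.suid_dumpable=2 condition described
for CVE-2013-2929 can be flagged on nodes that have not. The shell functions
below are an added example, not part of the Parallels release notes; the
function names are hypothetical, and the code assumes 'uname -r' reports the
release in the form used on this page (2.6.18-028stabNNN.N, optionally followed
by a flavour suffix).

```shell
#!/bin/sh
# Added example: compare a kernel release string against the fixed build
# named in this advisory and flag the CVE-2013-2929 precondition.
FIXED_RELEASE="2.6.18-028stab112.3"

# stab_key RELEASE -> prints "BRANCH BUILD MINOR" (e.g. "28 112 3");
# returns non-zero if RELEASE is not a 2.6.18-NNNstabNNN.N string.
# Assumption: a trailing flavour suffix may follow and is ignored.
stab_key() {
    printf '%s\n' "$1" | sed -n \
      's/^2\.6\.18-0*\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3/p' \
      | grep .
}

# kernel_is_fixed RELEASE -> 0 if RELEASE >= FIXED_RELEASE, 1 if older,
# 2 if the string cannot be parsed (for example a stock RHEL kernel).
kernel_is_fixed() {
    cur=$(stab_key "$1") || return 2
    fix=$(stab_key "$FIXED_RELEASE") || return 2
    set -- $cur $fix          # $1..$3 = current, $4..$6 = fixed
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# assess RELEASE SUID_DUMPABLE -> prints one verdict word:
#   fixed     kernel is at or above the advisory build
#   exposed   older kernel and fs.suid_dumpable=2 (CVE-2013-2929 condition)
#   outdated  older kernel, fs.suid_dumpable is not 2 (other fixes still missing)
#   unknown   release string is not in the expected format
assess() {
    rc=0
    kernel_is_fixed "$1" || rc=$?
    case "$rc" in
        0) echo fixed ;;
        2) echo unknown ;;
        *) if [ "$2" = "2" ]; then echo exposed; else echo outdated; fi ;;
    esac
}

# Query the running host only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    assess "$(uname -r)" "$(cat /proc/sys/fs/suid_dumpable 2>/dev/null)"
fi
```

A verdict of "outdated" or "exposed" means the node still needs the vzup2date
update and a reboot into the new kernel.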
 
--------------------------------------------------------------------------------
 
4. REFERENCES
 
http://rhn.redhat.com/errata/RHSA-2014-0108.html
http://rhn.redhat.com/errata/RHSA-2013-0285.html
 
https://www.redhat.com/security/data/cve/CVE-2013-4494.html
https://www.redhat.com/security/data/cve/CVE-2013-2929.html
https://www.redhat.com/security/data/cve/CVE-2013-4483.html
https://www.redhat.com/security/data/cve/CVE-2013-4554.html
https://www.redhat.com/security/data/cve/CVE-2013-6381.html
https://www.redhat.com/security/data/cve/CVE-2013-6383.html
https://www.redhat.com/security/data/cve/CVE-2013-6885.html
https://www.redhat.com/security/data/cve/CVE-2013-7263.html
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.
