Article ID: 121548, created on May 12, 2014, last review on May 13, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.6
--------------------------------------------------------------------
Synopsis:          The new Parallels Virtuozzo Containers 4.6
                   kernel provides an update with security and
                   stability fixes.
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          'bugfix' 'security' 'stability'
 
--------------------------------------------------------------------
 
This document provides information on the new Parallels Virtuozzo Containers 4.6 kernel, version 2.6.18-028stab113.1
 
TABLE OF CONTENTS
 
1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References
 
1. ABOUT THIS RELEASE
 
The current update for the Parallels Virtuozzo Containers 4.6 kernel provides a new kernel based on the Red Hat Enterprise Linux 5.10 kernel (2.6.18-371.8.1.el5). The updated kernel includes a number of security and stability fixes.
 
2. UPDATES DESCRIPTION
 
The new kernel includes a number of security fixes from Red Hat Enterprise Linux 5 kernels:
 
- A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. (CVE-2012-6638, 2.6.18-371.8.1.el5)
 
- A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, 2.6.18-371.8.1.el5)
 
3. OBTAINING THE NEW KERNEL
 
You can download and install this kernel update using the vzup2date utility included in the Parallels Virtuozzo Containers 4.6 distribution set.
 
4. REFERENCES
 
http://rhn.redhat.com/errata/RHSA-2014-0433.html
 
https://www.redhat.com/security/data/cve/CVE-2012-6638.html
https://www.redhat.com/security/data/cve/CVE-2013-2888.html
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.
All rights reserved.

36627b12981f68a16405a79233409a5e 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF