Article ID: 121919, created on Jun 6, 2014, last review on Jun 6, 2014

  • Applies to:
  • Virtuozzo hypervisor 5.0
-----------------------------------------------------------------------
Synopsis:          A new Parallels Server Bare Metal 5.0 kernel
                   update addressing a security issue.
Product:           Parallels Server Bare Metal 5.0
Keywords:          'security'
 
-----------------------------------------------------------------------
 
This document provides information on the new Parallels Server Bare Metal 5.0 kernel, version 2.6.32-042stab090.3.
 
CONTENTS
 
1. About This Update
2. Update Description
3. Obtaining the New Kernel
4. References
 
1. ABOUT THIS UPDATE
 
The current update for the Parallels Server Bare Metal 5.0 kernel provides a new kernel based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.17.1.el6). The updated kernel includes a security fix.
 
2. UPDATE DESCRIPTION
 
This update includes the following fix:
 
- Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. Using this vulnerability, a local unprivileged user of a Container could potentially crash the Hardware Node or gain Host root privileges. (#CVE-2014-3153)
 
3. OBTAINING THE NEW KERNEL
 
You can download and install this kernel update using the vzup2date utility included in the Parallels Server Bare Metal 5.0 distribution set.
 
4. REFERENCES
 
https://access.redhat.com/security/cve/CVE-2014-3153
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.

c662da62f00df94fd77ba7a2c9eff4b4 2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b

Email subscription for changes to this article
Save as PDF