Article ID: 122034, created on Jun 16, 2014, last review on Jun 24, 2014

Applies to:
  • Virtuozzo containers for Linux 4.6
--------------------------------------------------------------------------------
Synopsis:          The new Parallels Virtuozzo Containers 4.6 kernel provides an update with security and stability fixes.
Issue date:        2014-06-24
Product:           Parallels Virtuozzo Containers 4.6
Keywords:          'bugfix' 'security' 'stability'
 
--------------------------------------------------------------------------------
 
This document provides information on the new Parallels Virtuozzo Containers 4.6 kernel, version 2.6.18-028stab114.1.
 
--------------------------------------------------------------------------------
TABLE OF CONTENTS
 
1. About This Release
2. Updates Description
3. Obtaining the New Kernel
4. References
 
--------------------------------------------------------------------------------
 
1. ABOUT THIS RELEASE
 
The current update for the Parallels Virtuozzo Containers 4.6 kernel provides a new kernel based on the Red Hat Enterprise Linux 5.10 kernel (2.6.18-371.9.1.el5). The updated kernel includes a number of security and stability fixes.
 
--------------------------------------------------------------------------------
 
2. UPDATES DESCRIPTION
 
The new kernel includes a number of security fixes from Red Hat Enterprise Linux 5 kernels:
 
- A flaw was found in the way the Linux kernel's floppy driver handled user-space-provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, 2.6.18-371.9.1.el5)
 
- It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, 2.6.18-371.9.1.el5)
 
  Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.
 
- A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, 2.6.18-371.9.1.el5)
 
--------------------------------------------------------------------------------
 
3. OBTAINING THE NEW KERNEL
 
You can download and install this kernel update using the vzup2date utility included in the Parallels Virtuozzo Containers 4.6 distribution set.
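
To check whether a host already runs the fixed kernel and which floppy device nodes it exposes, the following script can be used. It is an added example, not part of the original advisory or of any Parallels tool. It assumes the kernel release string contains "028stab<major>.<minor>", as in the fixed version named above; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the Parallels advisory.
# Assumption: the release string contains "028stab<major>.<minor>", as in the
# fixed version the advisory names; any suffix after the build number is ignored.
FIXED="2.6.18-028stab114.1"

# Print "<major> <minor>" of the 028stab build, or nothing if there is none.
stab_build() {
    printf '%s\n' "$1" |
        sed -n 's/^.*028stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2/p'
}

# Exit status: 0 = at or above FIXED, 1 = older build, 2 = not a 028stab kernel.
is_fixed() {
    cur=$(stab_build "$1")
    [ -n "$cur" ] || return 2
    fix=$(stab_build "$FIXED")
    set -- $cur $fix            # cur_major cur_minor fix_major fix_minor
    [ "$1" -gt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; }
}

# List floppy block devices under a directory (default /dev) with mode and
# owner, since both floppy flaws require write access to /dev/fdX.
# /dev/fd itself is the file-descriptor directory, so only fd<digit>* is matched.
floppy_nodes() {
    for node in "${1:-/dev}"/fd[0-9]*; do
        if [ -b "$node" ]; then stat -c '%A %U:%G %n' "$node"; fi
    done
    return 0
}

# One-line verdict for a release string (default: the running kernel).
report() {
    rel=${1:-$(uname -r)}
    is_fixed "$rel" && rc=0 || rc=$?
    case $rc in
        0) echo "$rel: at or above $FIXED" ;;
        1) echo "$rel: older than $FIXED, update with vzup2date" ;;
        *) echo "$rel: not a 028stab kernel, this check does not apply" ;;
    esac
}

report
floppy_nodes
```

Any device node the script lists with group or world write permission is reachable by the local users the floppy driver fixes are concerned with.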
 
--------------------------------------------------------------------------------
 
4. REFERENCES
 
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates.  All rights reserved.
 
