Article ID: 122313, created on Jul 9, 2014, last review on Jul 9, 2014

  • Applies to:
  • Virtuozzo 6.0
Synopsis:          A Parallels Cloud Server 6.0 kernel update
                   introducing a security fix.
Product:           Parallels Cloud Server 6.0
Keywords:          'security'
1. What's Included in This Update
This update includes a new Parallels Cloud Server 6.0 kernel (2.6.32-042stab092.2) based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.20.3.el6). The new kernel introduces a security fix.
2. Bug Fixes
- A critical issue in the Linux kernel's ptrace subsystem code could allow unprivileged local Container users to crash the host system and likely gain root privileges on the host system. (#PSBM-27973)
  On Intel CPUs, a sysret to a non-canonical address causes a fault on the sysret instruction itself, after the stack pointer is set to a user-mode value but before the CPL is changed. Systems running on AMD CPUs are not vulnerable to this issue, as sysret on AMD CPUs does not generate a fault before the CPL change.
  It was found that certain code paths in the Linux kernel's ptrace subsystem allow the tracer to set the tracee's instruction pointer to a non-canonical address, which is later used on the tracee's return to user mode via the sysret instruction. This effectively bypasses the hardening introduced by the fixes for CVE-2005-1764 (which introduced a guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical area) and CVE-2006-0744 (system call handler hardening).
3. Obtaining the Update
You can download and install the update using the yum utility included in the Parallels Cloud Server 6.0 distribution.
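To decide which hosts still need this update, the following added example (not part of the Parallels advisory or tooling) classifies a host from its `uname -r` string and `/proc/cpuinfo` text, using the fixed kernel version and the Intel/AMD distinction stated above. The function names, verdict words and sample inputs are illustrative, and it assumes `uname -r` reports the 042stab version string as written in this article.

```shell
#!/bin/sh
# Added example: triage logic for this advisory. Inputs are plain strings so
# the checks can be run against inventory data as well as the local host.

FIXED_KERNEL="2.6.32-042stab092.2"   # fixed kernel named in the advisory

# kernel_status RELEASE -> fixed | outdated | unknown
# Assumption: `uname -r` reports the 042stab version string as written above.
kernel_status() {
    case "$1" in
        2.6.32-042stab*) ;;
        *) echo unknown; return 0 ;;
    esac
    # GNU version sort: if the fixed version sorts first, RELEASE is >= fixed.
    lowest=$(printf '%s\n%s\n' "$FIXED_KERNEL" "$1" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_KERNEL" ]; then echo fixed; else echo outdated; fi
}

# cpu_vendor CPUINFO_TEXT -> vendor_id of the first CPU listed
cpu_vendor() {
    printf '%s\n' "$1" | awk -F': *' '/^vendor_id/ { print $2; exit }'
}

# triage RELEASE CPUINFO_TEXT -> one-word verdict
triage() {
    status=$(kernel_status "$1")
    vendor=$(cpu_vendor "$2")
    if [ "$status" = fixed ]; then
        echo patched
    elif [ "$vendor" = AuthenticAMD ]; then
        echo cpu-not-affected        # advisory: AMD sysret does not fault early
    elif [ "$status" = outdated ] && [ "$vendor" = GenuineIntel ]; then
        echo update-required
    else
        echo review-manually         # unrecognised kernel string or CPU vendor
    fi
}

# Constructed sample inputs (not taken from a real host).
INTEL_CPUINFO=$(printf 'processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n')
AMD_CPUINFO=$(printf 'processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 21\n')

triage "2.6.32-042stab090.5" "$INTEL_CPUINFO"   # older 042stab kernel on Intel
triage "2.6.32-042stab092.2" "$INTEL_CPUINFO"   # the kernel from this update
triage "2.6.32-042stab090.5" "$AMD_CPUINFO"
# On a host: triage "$(uname -r)" "$(cat /proc/cpuinfo)"
```

A `cpu-not-affected` verdict reflects only the sysret behaviour described in this article; it says nothing about other fixes carried by later kernels.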
4. References
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
