Article ID: 123994, created on Dec 19, 2014, last review on Dec 19, 2014

  • Applies to:
  • Virtuozzo Containers for Linux 4.6

Issue date: 2014-12-19

1. What's Included in This Update

This update includes a new Parallels Virtuozzo Containers for Linux 4.6 kernel (2.6.18-028stab117.2) based on the Red Hat Enterprise Linux 5.11 kernel (2.6.18-400.el5). The new kernel introduces security and stability fixes.

2. Bug Fixes

The new kernel includes a security fix from the Red Hat Enterprise Linux 5 kernel:

  • It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, 2.6.18-400.el5)

The new kernel also includes a security fix for CVE-2014-9322:

  • A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from an #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged Container user could use this flaw to crash the Hardware Node or escalate their privileges on the system. (CVE-2014-9322)

3. Obtaining the Update

You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.6 distribution set.
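
To confirm that a Hardware Node is actually running the fixed kernel after the update, the following added example (not part of the original advisory and not Parallels tooling) compares a `uname -r` string against the fixed build 2.6.18-028stab117.2. It assumes release strings of the form shown in section 1; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Parallels code): check a node's kernel against this advisory.
FIXED_KERNEL="2.6.18-028stab117.2"   # fixed build, taken from the advisory text

# Print "BRANCH MAJOR MINOR" for a release string, leading zeros stripped:
# "2.6.18-028stab117.2" -> "28 117 2". Prints nothing if there is no stab tag.
stab_fields() {
    printf '%s\n' "$1" | sed -n \
        's/^.*[-.]0*\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# Exit status: 0 = at or above the fixed build, 1 = older (fixes missing),
# 2 = not a 2.6.18 kernel on the same stab branch, so not comparable here.
kernel_has_fixes() {
    case "$1" in 2.6.18-*) ;; *) return 2 ;; esac
    cur=$(stab_fields "$1")
    ref=$(stab_fields "$FIXED_KERNEL")
    [ -n "$cur" ] || return 2
    set -- $cur $ref               # $1-$3 = running build, $4-$6 = fixed build
    [ "$1" -eq "$4" ] || return 2
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Human-readable verdict for one release string; always returns 0.
report_kernel() {
    rc=0
    kernel_has_fixes "$1" || rc=$?
    case "$rc" in
        0) echo "OK: $1 includes the fixes (>= $FIXED_KERNEL)" ;;
        1) echo "MISSING FIXES: $1 is older than $FIXED_KERNEL" ;;
        *) echo "UNKNOWN: $1 is not a 2.6.18 028stab kernel; check it by hand" ;;
    esac
}

# The running kernel is what matters: an installed update takes effect only
# after the node boots into it.
report_kernel "$(uname -r)"
```

`kernel_has_fixes` can be used directly in monitoring scripts, since its exit status distinguishes a fixed kernel, an older one, and a string it cannot compare.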

4. References

Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
