Issue date: 2014-12-19
1. What's Included in This Update
This update includes a new Parallels Virtuozzo Containers for Linux 4.6 kernel (2.6.18-028stab117.2) based on the Red Hat Enterprise Linux 5.11 kernel (2.6.18-400.el5). The new kernel introduces security and stability fixes.
2. Bug Fixes
The new kernel includes a security fix from Red Hat Enterprise Linux 5 kernel:
- It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, 2.6.18-400.el5)
The new kernel also includes a security fix for CVE-2014-9322:
- A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from an #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged Container user could use this flaw to crash the Hardware Node or escalate their privileges on the system. (CVE-2014-9322)
3. Obtaining the Update
You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.6 distribution set.
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.