Issue date: 2015-06-15
1. What's Included in This Update
This update includes a new Parallels Virtuozzo Containers for Linux 4.6 kernel (2.6.18-028stab119.2) based on the Red Hat Enterprise Linux 5.11 kernel (2.6.18-406.el5). The new kernel introduces security fixes.
2. Bug Fixes
The new kernel includes security fixes from the Red Hat Enterprise Linux 5 kernel:
- It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, 2.6.18-406.el5)
- A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. (CVE-2015-2925) An owner of a simfs-based container could use this flaw to get access to files on the host. VZFS containers are not affected. (OVZ #3256)
3. Obtaining the Update
You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.6 distribution set.
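To confirm that a host is running a kernel at or above the fixed build named in section 1, the following check can be used. It is an added example, not part of the original release notes or of the Parallels tooling. The function names, the return codes and the --running switch are assumptions of this example, and it treats any kernel outside the 028stab branch as not comparable.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed build
# from this update (2.6.18-028stab119.2).
FIXED_RELEASE="2.6.18-028stab119.2"

# Print "branch build minor" as decimal numbers for a release string
# such as 2.6.18-028stab119.2; exit non-zero if there is no stab tag.
stab_key() {
    printf '%s\n' "$1" | awk '
        match($0, /[0-9]+stab[0-9]+(\.[0-9]+)?/) {
            s = substr($0, RSTART, RLENGTH)
            split(s, a, /stab|\./)
            # %d drops leading zeros (028 -> 28); a missing minor prints 0
            printf "%d %d %d\n", a[1], a[2], a[3]
            found = 1
        }
        END { exit !found }'
}

# Return codes (chosen for this example):
#   0  release is at or above the fixed build
#   1  release is an older 028stab build, update needed
#   2  not a 028stab kernel, so this advisory's build number does not apply
kernel_has_fix() {
    cur=$(stab_key "$1") || return 2
    fix=$(stab_key "$FIXED_RELEASE")
    # $1..$3 = current branch/build/minor, $4..$6 = fixed branch/build/minor
    set -- $cur $fix
    [ "$1" -eq "$4" ] || return 2
    if [ "$2" -gt "$5" ]; then return 0; fi
    if [ "$2" -eq "$5" ] && [ "$3" -ge "$6" ]; then return 0; fi
    return 1
}

# Check the booted kernel only when asked: sh check.sh --running
if [ "${1:-}" = "--running" ]; then
    kernel_has_fix "$(uname -r)"
    exit $?
fi
```

The check reads the running kernel, so it reports the old build until the host has been rebooted into the updated kernel.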
Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.