Article ID: 125877, created on Jun 15, 2015, last review on Jun 15, 2015

  • Applies to:
  • Virtuozzo containers for Linux 4.6

Issue date: 2015-06-15

1. What's Included in This Update

This update includes a new Parallels Virtuozzo Containers for Linux 4.6 kernel (2.6.18-028stab119.2) based on the Red Hat Enterprise Linux 5.11 kernel (2.6.18-406.el5). The new kernel introduces security fixes.

2. Bug Fixes

The new kernel includes security fixes from the Red Hat Enterprise Linux 5 kernel:

  • It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, 2.6.18-406.el5)

  • A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. (CVE-2015-2925) An owner of a simfs-based container could use this flaw to get access to files on host. VZFS containers are not affected (OVZ #3256)

3. Obtaining the Update

You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.6 distribution set.

4. References

https://rhn.redhat.com/errata/RHSA-2015-1042.html

https://www.redhat.com/security/data/cve/CVE-2015-1805.html

https://www.redhat.com/security/data/cve/CVE-2015-2925.html

https://bugzilla.openvz.org/show_bug.cgi?id=3256


Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.

Search Words

security

bugfix

d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223 36627b12981f68a16405a79233409a5e e8e50b42231236b82df27684e7ec0beb

Email subscription for changes to this article
Save as PDF