Article ID: 126266, created on Jul 20, 2015, last review on Jul 20, 2015

Applies to:

  • Virtuozzo containers for Linux 4.7

Issue date: 2015-07-20

1. What's Included in This Update

This update includes a new Parallels Virtuozzo Containers for Linux 4.7 kernel (2.6.32-042stab108.7) based on the Red Hat Enterprise Linux 6.6 kernel (2.6.32-504.16.2.el6). The new kernel introduces stability and security fixes.

2. Bug Fixes

  • A privileged user inside a container could get access to files on the host. (#PSBM-34869)

  • A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. (CVE-2011-5321)

  • It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636)

  • An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593)

  • A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830)

  • It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922)

3. Obtaining the Update

You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.7 distribution set.
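To confirm that a node is running the fixed kernel after the update, compare its release string numerically against the build named in section 1. The script below is an added example, not part of the Parallels advisory; it assumes `uname -r` prints the release in the advisory's `2.6.32-042stab108.7` form, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a kernel release string against the fixed build
# named in this advisory. Assumes `uname -r` reports the release in the
# same form the advisory uses (for example 2.6.32-042stab108.7).
FIXED_KERNEL="2.6.32-042stab108.7"

# Split "<base>-<branch>stab<major>.<minor>" into four space-separated
# fields, dropping leading zeros so the numbers compare as decimals.
# Prints nothing when the string is not in that form.
vz_fields() {
    printf '%s\n' "$1" | sed -n \
        's/^\([0-9.]*\)-0*\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3 \4/p'
}

# Print "fixed" if release $1 is at or above fixed build $2, "outdated"
# if it is older, and "unknown" if either string cannot be parsed or the
# two come from different base kernels or branches.
vz_kernel_status() {
    run=$(vz_fields "$1")
    fix=$(vz_fields "$2")
    if [ -z "$run" ] || [ -z "$fix" ]; then
        echo unknown
        return 0
    fi
    set -- $run $fix   # $1..$4 = running fields, $5..$8 = fixed fields
    if [ "$1" != "$5" ] || [ "$2" -ne "$6" ]; then
        echo unknown
    elif [ "$3" -gt "$7" ] || { [ "$3" -eq "$7" ] && [ "$4" -ge "$8" ]; }; then
        echo fixed
    else
        echo outdated
    fi
}

# uname -r names the booted kernel, so an update that is installed but not
# yet booted still reports the old release here.
echo "$(uname -r): $(vz_kernel_status "$(uname -r)" "$FIXED_KERNEL")"
```

The comparison is numeric per field because a plain string comparison would rank a build such as `108.10` below `108.7`.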

4. References

https://rhn.redhat.com/errata/RHSA-2015-1221.html

https://www.redhat.com/security/data/cve/CVE-2011-5321.html

https://www.redhat.com/security/data/cve/CVE-2015-1593.html

https://www.redhat.com/security/data/cve/CVE-2015-2830.html

https://www.redhat.com/security/data/cve/CVE-2015-2922.html

https://www.redhat.com/security/data/cve/CVE-2015-3636.html


Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
