Issue date: 2015-07-20
1. What's Included in This Update
This update includes a new Parallels Virtuozzo Containers for Linux 4.7 kernel (2.6.32-042stab108.7) based on the Red Hat Enterprise Linux 6.6 kernel (2.6.32-504.16.2.el6). The new kernel introduces stability and security fixes.
2. Bug Fixes
A privileged user inside a container could get access to files on the host. (#PSBM-34869)
A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. (CVE-2011-5321)
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636)
An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593)
A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830)
- It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922)
3. Obtaining the Update
You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.7 distribution set.
Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.