Issue date: 2015-12-25
1. What's Included in This Update
This update includes a new Parallels Virtuozzo Containers for Linux 4.7 kernel (2.6.32-042stab113.11) based on the Red Hat Enterprise Linux 6.7 kernel (2.6.32-573.8.1.el6). The new kernel is a rebase to a new Red Hat Enterprise Linux kernel and inherits all stability fixes from it. Additionally, the new kernel contains a number of security fixes from RHEL kernel 2.6.32-573.12.1.el6 as well as a number of internal security and stability fixes.
2. Bug Fixes
- Unauthorized access to IPC objects with SysV shm and msg. (CVE-2015-7613)
- Updated fix for keyrings crash triggerable by unprivileged user. (CVE-2015-7872)
- Crash in cgroup_release_agent() after container stop. (PSBM-34262)
- Unix socket was restored incorrectly after container resume. (PSBM-39774)
- Kernel panic when online-migrating a container with an active conntrack expectation from Virtuozzo Containers for Linux 4.6 (RHEL5) to RHEL6-based kernels. (PSBM-40287)
- WARNING in tty_ldisc_open(). (PSBM-41622)
- ip6_dst_cache entries should be charged inside container. (PSBM-42323)
- Introduced a per-container limit for IPv4 network interface aliases. (PSBM-42403)
- Improvements to memory reclaimer. (PSBM-40406)
- Crash on start of containers with the hidden PIDs feature enabled (kernel.pid_ns_hide_child=1). (OVZ-6568)
- Improvements to Docker operation inside containers.
- Minor memory leak fixes and performance optimizations.
3. Obtaining the Update
You can download and install the update using the vzup2date utility included in the Parallels Virtuozzo Containers for Linux 4.7 distribution.
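To confirm that a node is running the updated kernel, the release string reported by uname -r can be compared against 2.6.32-042stab113.11. The script below is an added example, not part of the Parallels advisory; its function names are hypothetical, and it assumes that later 042stab builds carry higher build numbers.

```shell
#!/bin/sh
# Kernel release named in this advisory.
FIXED_RELEASE="2.6.32-042stab113.11"

# Print "BUILD MINOR" for a release such as 2.6.32-042stab113.11.
# Fails (status 1) for anything that is not a 2.6.32-042stab kernel.
stab_parts() {
    case "$1" in
        2.6.32-042stab[0-9]*) ;;
        *) return 1 ;;
    esac
    rest=${1#2.6.32-042stab}          # e.g. "113.11"
    major=${rest%%[!0-9]*}            # digits before the first non-digit
    minor=0                           # a missing minor counts as 0
    case "$rest" in
        "$major".[0-9]*) minor=${rest#"$major".}; minor=${minor%%[!0-9]*} ;;
    esac
    echo "$major $minor"
}

# Status 0: release is at or above FIXED_RELEASE.
# Status 1: release is older.  Status 2: release format not recognised.
is_patched() {
    cur=$(stab_parts "$1") || return 2
    fix=$(stab_parts "$FIXED_RELEASE") || return 2
    set -- $cur $fix                  # $1 $2 = current, $3 $4 = fixed
    if [ "$1" -gt "$3" ]; then return 0; fi
    if [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; then return 0; fi
    return 1
}

# Human-readable verdict for one release string; always returns 0.
report() {
    rc=0
    is_patched "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED_RELEASE" ;;
        1) echo "$1: older than $FIXED_RELEASE, update not yet in effect" ;;
        *) echo "$1: not a 2.6.32-042stab kernel, outside this check" ;;
    esac
}

report "$(uname -r)"
```

uname -r reports the kernel that is currently booted, so a node that has installed the update but has not yet rebooted into it still shows the old release.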
- https://rhn.redhat.com/errata/RHBA-2015-1992.html
- https://rhn.redhat.com/errata/RHSA-2015-2636.html
- https://access.redhat.com/security/cve/CVE-2015-7613
- https://access.redhat.com/security/cve/CVE-2015-7872
Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.