Article ID: 2215, created on Oct 1, 2007, last review on Apr 17, 2012

Applies to: Virtuozzo containers for Linux

Resolution

------------------------------------------------------------------------
Synopsis: New Virtuozzo 3.0 kernel provides an important security fix
  for the x86_64 architecture and several driver updates.
Issue date: 2007-10-01
Product: Virtuozzo 3.0
Keywords: security, driver update
------------------------------------------------------------------------

This document provides information on the new Virtuozzo 3.0 kernel,
version 2.6.9-023stab044.11.

(c) SWsoft, 2007. All rights reserved.

------------------------------------------------------------------------

TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List

------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo 3.0 kernel provides an important
security fix for the x86_64 architecture, several driver updates, and
a number of other fixes.

------------------------------------------------------------------------

2. UPDATES DESCRIPTION

The updated Virtuozzo 3.0 kernel includes the fix for the following
security vulnerability:

  - [x86_64]: A flaw was found in the IA32 system call emulation
  provided on AMD64 and Intel 64 platforms. An improperly validated
  64-bit value could be stored in the %RAX register, which could
  trigger an out-of-bounds system call table access. An untrusted
  local user could exploit this flaw to run code in the kernel
  (i.e. a root privilege escalation) (CVE-2007-4573).


The updated Virtuozzo 3.0 kernel includes the fix for the following
issue:

  - Incorrect and confusing messages about the alleged expiration of
  the Virtuozzo license (the VEs are not stopped).


The updated Virtuozzo 3.0 kernel includes several updated drivers:

  - Areca RAID Controller driver
  (arcmsr driver 1.20.0X.14 version, memory leak fix)

  - RealTek RTL8169s/8110s Gigabit Ethernet driver
  (r8169 driver 2.2LK-NAPI version, new devices support)


In addition, the new Virtuozzo 3.0 kernel includes the following improvements:

  - The kernel has been rebased on the 2.6.9-55.0.2.EL4 Red Hat kernel.

  - The support for RAID Level 6 has been added.


We highly recommend that all Virtuozzo 3.0 users update their kernel
to the latest version.

------------------------------------------------------------------------

3. BUGS FIXED

The following bugs from the previous release have been fixed in the
new Virtuozzo 3.0 kernel:

- #92166: [x86_64]: Zero extend all registers after ptrace in 32bit entry
  path (CVE-2007-4573).

- #83557: A race between parallel readings from /proc/vz/hwid, which can
  lead to a wrong hwid detection.

- #87569: Memory leaks in 'arcmsr' driver when using Areca CLI monitoring
  utility.

- #19950: The support for Realtek RTL8111/8168B PCI Express Gigabit Ethernet
  controller should be added.

- #87220: The support for RAID Level 6 should be added.


The following OpenVZ bug has been fixed:

- #632: Per-user/group disk quota doesn't work inside a VE.

------------------------------------------------------------------------

4. OBTAINING NEW KERNEL

You can get this kernel update in one of the following ways:

- You can download the update from ftp://downloads.swsoft.com.
  If you do not have an ftp account, please contact pavel@swsoft.com.

- You can download and install the update by using the vzup2date
  utility included in the Virtuozzo 3.0 distribution set.

------------------------------------------------------------------------

5. INSTALLING NEW KERNEL

To install the update, you should perform the following operations:

I. Use the "rpm -ihv" command to install the new kernel and
  Virtuozzo modules.

# rpm -ivh vzkernel-smp-2.6.9-023stab044.11.i686.rpm \
vzmodules-smp-2.6.9-023stab044.11.i686.rpm
Preparing... ################################# [100%]
  1:vzkernel-smp ################################# [50%]
  2:vzmodules-smp ################################# [100%]

  Please DO NOT USE the "rpm -Uhv" command to install the kernel.
  Otherwise, all the kernels previously installed on your system
  may be removed from the Hardware Node.

II. You can adjust your boot loader configuration file to have the
  new kernel loaded by default. If you use the LILO bootloader,
  please do not forget to execute the 'lilo' command to write
  the changes to the boot sector:

  # lilo
  Added Virtuozzo2 *
  Added Virtuozzo1
  Added linux
  Added linux-up

III. Reboot your computer with the "shutdown -r now" command to
  boot the new kernel.
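
Because "rpm -ivh" leaves the older kernels installed, the Hardware Node
keeps running the old one until the boot loader default is changed and the
node is rebooted. The check below is an added example, not SWsoft tooling:
it compares the running kernel against 2.6.9-023stab044.11. The function
name, the status words and the assumed "uname -r" layout (release plus an
optional flavour suffix such as -smp) are assumptions of this example.

```shell
#!/bin/sh
# Added example: is the *running* kernel at least 2.6.9-023stab044.11?
# Fixed release taken from this advisory.
FIXED_BRANCH=023
FIXED_STAB=044
FIXED_MINOR=11

# vz_kernel_status RELEASE ARCH
# Prints: patched | missing-security-fix | outdated | not-virtuozzo-3.0
vz_kernel_status() {
    rel=$1
    arch=$2
    # Assumed layout: 2.6.9-<branch>stab<stab>.<minor>[-flavour]
    fields=$(printf '%s\n' "$rel" | sed -n \
        's/^2\.6\.9-\([0-9][0-9]*\)stab\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(-[a-z][a-z]*\)*$/\1 \2 \3/p')
    if [ -z "$fields" ]; then
        echo not-virtuozzo-3.0
        return 0
    fi
    set -- $fields   # $1=branch $2=stab $3=minor

    # "[ -gt ]" reads 044 as decimal 44; $(( )) would treat it as octal.
    newer=no
    if [ "$1" -gt "$FIXED_BRANCH" ]; then
        newer=yes
    elif [ "$1" -eq "$FIXED_BRANCH" ]; then
        if [ "$2" -gt "$FIXED_STAB" ]; then
            newer=yes
        elif [ "$2" -eq "$FIXED_STAB" ] && [ "$3" -ge "$FIXED_MINOR" ]; then
            newer=yes
        fi
    fi

    if [ "$newer" = yes ]; then
        echo patched
    elif [ "$arch" = x86_64 ]; then
        # CVE-2007-4573 affects only the x86_64 kernels.
        echo missing-security-fix
    else
        echo outdated
    fi
}

# Report on the kernel this host is running right now.
vz_kernel_status "$(uname -r)" "$(uname -m)"
```

Run it after the reboot; any result other than "patched" on a Virtuozzo 3.0
node means the boot loader still starts an older kernel.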

------------------------------------------------------------------------

6. REQUIRED RPMS

Depending on the kind of processor on your Hardware
Node, the following RPM packages are included in the kernel update:

x86 kernels:

- Uniprocessor:
  vzkernel-2.6.9-023stab044.11.i686.rpm
  vzmodules-2.6.9-023stab044.11.i686.rpm

- SMP:
  vzkernel-smp-2.6.9-023stab044.11.i686.rpm
  vzmodules-smp-2.6.9-023stab044.11.i686.rpm

- Enterprise:
  vzkernel-enterprise-2.6.9-023stab044.11.i686.rpm
  vzmodules-enterprise-2.6.9-023stab044.11.i686.rpm

- Enterprise with the 4GB split feature disabled:
  vzkernel-entnosplit-2.6.9-023stab044.11.i686.rpm
  vzmodules-entnosplit-2.6.9-023stab044.11.i686.rpm


x86_64 kernels:

- Uniprocessor:
  vzkernel-2.6.9-023stab044.11.x86_64.rpm
  vzmodules-2.6.9-023stab044.11.x86_64.rpm

- SMP:
  vzkernel-smp-2.6.9-023stab044.11.x86_64.rpm
  vzmodules-smp-2.6.9-023stab044.11.x86_64.rpm

ia64 kernel:
  vzkernel-2.6.9-023stab044.11.ia64.rpm
  vzmodules-2.6.9-023stab044.11.ia64.rpm

------------------------------------------------------------------------

7. REFERENCE LIST

The following references have been used in this document:

- https://rhn.redhat.com/errata/RHSA-2007-0937.html

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573

