Article ID: 5760, created on Nov 19, 2008, last review on Apr 17, 2012

  • Applies to:
  • Virtuozzo containers for Linux 4.0

Resolution

----------------------------------------------------------------------------
Synopsis:          New Parallels Virtuozzo Containers 4.0 kernel provides a
                   fix for an important security vulnerability.
Issue date:        2008-11-17
Product:           Parallels Virtuozzo Containers 4.0
Keywords:          security update
----------------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.0 
kernel, version 2.6.18-028stab059.6.

(c) Parallels, 2008. All rights reserved.

----------------------------------------------------------------------------

TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo Containers 4.0 kernel provides a fix
for an important security vulnerability.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

The updated Virtuozzo Containers 4.0 kernel includes a fix for the following
security vulnerability:

  - The __scm_destroy() function in net/core/scm.c in the Linux kernel makes
    indirect recursive calls to itself, which may allow local users to cause
    a kernel panic. (CVE-2008-5029)


We highly recommend that all Parallels Virtuozzo Containers 4.0 users update
their kernel to the latest version.

--------------------------------------------------------------------------------

3. BUGS FIXED

The following bug from the previous release has been fixed in the new
Virtuozzo Containers 4.0 kernel:

- #127926: Unix sockets kernel panic due to recursion in __scm_destroy().
           (CVE-2008-5029)

--------------------------------------------------------------------------------

4. OBTAINING NEW KERNEL

You can get this kernel update in one of the following ways:

- You can download and install the update by using the vzup2date utility
  included in the Parallels Virtuozzo Containers 4.0 distribution set.

--------------------------------------------------------------------------------

5. INSTALLING NEW KERNEL

To install the update, you should perform the following operations:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-2.6.18-028stab059.6.i686.rpm \
vzmodules-2.6.18-028stab059.6.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the 'lilo' command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.

--------------------------------------------------------------------------------

6. REQUIRED RPMS

Depending on the kind of processor on your Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.18-028stab059.6.i686.rpm
   vzmodules-2.6.18-028stab059.6.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.18-028stab059.6.i686.rpm
   vzmodules-ent-2.6.18-028stab059.6.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.18-028stab059.6.i686.rpm
   vzmodules-PAE-2.6.18-028stab059.6.i686.rpm


x86_64 kernels:

   vzkernel-2.6.18-028stab059.6.x86_64.rpm
   vzmodules-2.6.18-028stab059.6.x86_64.rpm

ia64 kernel:
   vzkernel-2.6.18-028stab059.6.ia64.rpm
   vzmodules-2.6.18-028stab059.6.ia64.rpm

--------------------------------------------------------------------------------

7. REFERENCE LIST

The following references have been used in this document:

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5029

- https://bugzilla.redhat.com/show_bug.cgi?id=470201

35c16f1fded8e42577cb3df16429c57a d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF