Article ID: 9017, created on Sep 20, 2010, last review on Apr 16, 2012

  • Applies to:
  • Virtuozzo hypervisor 4.0 for Mac Bare Metal

Release notes

--------------------------------------------------------------------------------
Synopsis:          New Parallels Server for Mac 4.0 Bare Metal Edition kernel
                   provides an important security fix.
Issue date:        2010-09-21
Product:           Parallels Server for Mac 4.0 Bare Metal Edition
Keywords:          'security fixes'

--------------------------------------------------------------------------------

This document provides information on the new Parallels Server for Mac 4.0 Bare
Metal Edition kernel, version 2.6.18-028stab070.5.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Bugs Fixed
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. Reference List

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for Parallels Server for Mac 4.0 Bare Metal Edition includes
a fix for the vulnerability in the 32-bit compatibility layer for 64-bit
systems. A stack pointer underflow can occur when using the
compat_alloc_user_space() method with an arbitrary length input, which may
cause a local root escalation (CVE-2010-3081).

We highly recommend that all Parallels Server for Mac 4.0 Bare Metal Edition
users update their kernel to the latest version.

--------------------------------------------------------------------------------

2. BUGS FIXED

The following bug from the previous release has been fixed in the new
Parallels Server for Mac 4.0 Bare Metal Edition kernel:

- #PCLIN-27695: A local root escalation is possible due to a bug that causes
                a stack pointer underflow in compat_alloc_user_space().

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Server for Mac 4.0 Bare Metal Edition distribution
set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, perform the following operations:

I. Use the "rpm -ihv" command to install the new kernel and kernel modules.

# rpm -ivh vzkernel-2.6.18-028stab070.5.i686.rpm \
vzmodules-2.6.18-028stab070.5.i686.rpm \
parallels-kmod-4.0.5648.553410-1.2.6.18_028stab070.5.x86_64.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [33%]
    2:vzmodules              ################################# [67%]
    3:parallels-kmod         ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. Reboot your computer with the "shutdown -r now" command to boot the new
    kernel.

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

   vzkernel-2.6.18-028stab070.5.x86_64.rpm
   vzmodules-2.6.18-028stab070.5.x86_64.rpm
   parallels-kmod-4.0.5648.553410-1.2.6.18_028stab070.5.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCE LIST

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081

--------------------------------------------------------------------------------
Copyright © 1999-2010 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.

a26b38f94253cdfbf1028d72cf3a498b 0fe456bdc1f41aefe37dd2554a60437e 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF