Article ID: 9119, created on Oct 6, 2010, last review on May 1, 2014

Applies to: Virtuozzo containers for Linux 4.0

Release notes

--------------------------------------------------------------------------------
Synopsis:    New Parallels Virtuozzo Containers 4.0 kernel provides a number of important stability fixes and security updates.
Issue date:  08-26-2010
Product:     Parallels Virtuozzo Containers 4.0
Keywords:    "stability fixes" "security updates"

--------------------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.0 kernel,
version 2.6.18-028stab070.7.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. Reference List

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo Containers 4.0 kernel provides a new kernel
based on the new Red Hat Enterprise Linux 5 kernel (2.6.18-194.17.1.el5). The
updated kernel includes a number of important security and stability fixes from
Parallels and Red Hat.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

The updated Virtuozzo Containers 4.0 kernel includes fixes for the following
security vulnerabilities, including those that were fixed in the
2.6.18-194.17.1.el5 Red Hat kernel:

* A buffer overflow flaw was found in the ecryptfs_uid_hash() function in
  the Linux kernel eCryptfs implementation. On systems that have the eCryptfs
  netlink transport (Red Hat Enterprise Linux 5 does) or where the
  "/dev/ecryptfs" file has world writable permissions (which it does not, by
  default, on Red Hat Enterprise Linux 5), a local, unprivileged user could
  use this flaw to cause a denial of service or possibly escalate their
  privileges. (CVE-2010-2492, Important)

* A miscalculation of the size of the free space of the initial directory
  entry in a directory leaf block was found in the Linux kernel Global File
  System 2 (GFS2) implementation. A local, unprivileged user with write
  access to a GFS2-mounted file system could perform a rename operation on
  that file system to trigger a NULL pointer dereference, possibly resulting
  in a denial of service or privilege escalation. (CVE-2010-2798, Important)

* A flaw was found in the Xen hypervisor implementation when running a
  system that has an Intel CPU without Extended Page Tables (EPT) support.
  While attempting to dump information about a crashing fully virtualized
  guest, the flaw could cause the hypervisor to crash the host as well. A
  user with permissions to configure a fully virtualized guest system could
  use this flaw to crash the host. (CVE-2010-2938, Moderate)

* Information leak flaws were found in the Linux kernel's Traffic Control
  Unit implementation. A local attacker could use these flaws to cause the
  kernel to leak kernel memory to user-space, possibly leading to the
  disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the Linux kernel's XFS file system implementation.
  The file handle lookup could return an invalid inode as valid. If an XFS
  file system was mounted via NFS (Network File System), a local attacker
  could access stale data or overwrite existing data that reused the inodes.
  (CVE-2010-2943, Moderate)

* An integer overflow flaw was found in the extent range checking code in
  the Linux kernel's ext4 file system implementation. A local, unprivileged
  user with write access to an ext4-mounted file system could trigger this
  flaw by writing to a file at a very large file offset, resulting in a local
  denial of service. (CVE-2010-3015, Moderate)

* An information leak flaw was found in the Linux kernel's USB
  implementation. Certain USB errors could result in an uninitialized kernel
  buffer being sent to user space. An attacker with physical access to a
  target system could use this flaw to cause an information leak.
  (CVE-2010-1083, Low)

* When an application has a stack overflow, the stack could silently
  overwrite another memory-mapped area instead of a segmentation fault
  occurring, which could cause an application to execute arbitrary code,
  possibly leading to a privilege escalation. It is known that the X Window
  System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* Instances of unsafe sprintf() use were found in the Linux kernel
  Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,
  or RFCOMM sockets could result in arbitrary memory pages being overwritten.
  A local, unprivileged user could use this flaw to cause a kernel panic
  (denial of service) or escalate their privileges. (CVE-2010-1084,
  Important)

* A flaw was found in the Xen hypervisor implementation when using the
  Intel Itanium architecture, allowing guests to enter an unsupported state.
  An unprivileged guest user could trigger this flaw by setting the BE (Big
  Endian) bit of the Processor Status Register (PSR), leading to the guest
  crashing (denial of service). (CVE-2010-2070, Important)

* A flaw was found in the CIFSSMBWrite() function in the Linux kernel
  Common Internet File System (CIFS) implementation. A remote attacker could
  send a specially crafted SMB response packet to a target CIFS client,
  resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* Buffer overflow flaws were found in the Linux kernel's implementation of
  the server-side External Data Representation (XDR) for the Network File
  System (NFS) version 4. An attacker on the local network could send a
  specially-crafted large compound request to the NFSv4 server, which could
  possibly result in a kernel panic (denial of service) or, potentially, code
  execution. (CVE-2010-2521, Important)

* A flaw was found in the handling of SWAPEXT IOCTL in the Linux kernel
  XFS file system implementation. A local user could use this flaw to read
  write-only files that they do not own on an XFS file system. This could
  lead to unintended information disclosure. (CVE-2010-2226, Moderate)

* A flaw was found in the dns_resolver upcall used by CIFS. A local,
  unprivileged user could redirect a Microsoft Distributed File System link
  to another IP address, tricking the client into mounting the share from a
  server of the user's choosing. (CVE-2010-2524, Moderate)

* A missing check was found in the mext_check_arguments() function in the
  ext4 file system code. A local user could use this flaw to cause MOVE_EXT
  IOCTL to overwrite the contents of an append-only file on an ext4 file
  system, if they have write permissions for that file. (CVE-2010-2066,
  Low)

This update also includes fixes for the following Virtuozzo issues:

* A NULL pointer dereference was found when configuring forwarding options
  for a virtual networking device (ovz#1658).

* Dropped packet statistics were not reported by the venet driver (#485907).

* The hardware ID value was recalculated and changed when configuring bridged
  devices (PCLIN-27682).

We highly recommend that all Parallels Virtuozzo Containers 4.0 users update
their kernel to the latest version.

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.6 distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-2.6.18-028stab070.7.i686.rpm \
vzmodules-2.6.18-028stab070.7.i686.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [50%]
    2:vzmodules              ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the "lilo" command to write the changes to the boot sector:

     # lilo
     Added Virtuozzo2 *
     Added Virtuozzo1
     Added linux
     Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.
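
A post-reboot check that the Hardware Node is actually running the fixed
build, added here as an example (it is not part of the original release
notes or of any Parallels tooling). The function names are hypothetical, the
sample release strings in the comments are constructed, and the assumption
that flavour kernels report a suffix such as "-ent" after the build number
is ours:

```shell
#!/bin/sh
# Fixed build named in this release note.
FIXED="2.6.18-028stab070.7"

# Print "<branch> <stab> <minor>" for a Virtuozzo kernel release string,
# e.g. "2.6.18-028stab070.7" -> "028 070 7". Prints nothing when the string
# carries no "NNNstabNNN.N" component (e.g. a stock Red Hat kernel).
vz_parse() {
    printf '%s\n' "$1" |
        sed -n 's/^.*-\([0-9][0-9]*\)stab\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# Return 0 if release $1 is at or above build $2, 1 if it is older,
# 2 if either string is not a recognisable Virtuozzo stab kernel.
vz_kernel_patched() {
    cur=$(vz_parse "$1")
    fix=$(vz_parse "$2")
    [ -n "$cur" ] && [ -n "$fix" ] || return 2
    # Compare field by field in awk, which reads "070" as decimal 70;
    # shell $(( )) arithmetic would treat the leading zero as octal.
    echo "$cur $fix" | awk '{
        for (i = 1; i <= 3; i++) {
            if ($i + 0 > $(i + 3) + 0) exit 0
            if ($i + 0 < $(i + 3) + 0) exit 1
        }
        exit 0
    }'
}

# Report on the kernel that is running right now.
running=$(uname -r)
if vz_kernel_patched "$running" "$FIXED"; then
    echo "OK: $running is at or above $FIXED"
else
    echo "CHECK: $running is older than $FIXED or is not a Virtuozzo kernel"
fi
```

If the node still reports an older build after the reboot, the boot loader
default from step II is the first thing to re-check.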

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
   vzkernel-2.6.18-028stab070.7.i686.rpm
   vzmodules-2.6.18-028stab070.7.i686.rpm

- Enterprise:
   vzkernel-ent-2.6.18-028stab070.7.i686.rpm
   vzmodules-ent-2.6.18-028stab070.7.i686.rpm

- Enterprise with the 4GB split feature disabled:
   vzkernel-PAE-2.6.18-028stab070.7.i686.rpm
   vzmodules-PAE-2.6.18-028stab070.7.i686.rpm


x86_64 kernels:

- SMP:
   vzkernel-2.6.18-028stab070.7.x86_64.rpm
   vzmodules-2.6.18-028stab070.7.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCE LIST

https://rhn.redhat.com/errata/RHSA-2010-0723.html
https://rhn.redhat.com/errata/RHSA-2010-0661.html
https://rhn.redhat.com/errata/RHSA-2010-0610.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524

--------------------------------------------------------------------------------
Copyright © 1999-2010 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
