Article ID: 9160, created on Oct 15, 2010, last review on May 1, 2014

Applies to:
  • Virtuozzo hypervisor 4.0 for Mac Bare Metal

Release notes

--------------------------------------------------------------------------------
Synopsis:          New Parallels Server for Mac 4.0 Bare Metal Edition kernel
		   provides a number of important stability fixes and security
		   updates.
Issue date:        2010-08-26
Product:           Parallels Server for Mac 4.0 Bare Metal Edition
Keywords:          'stability fixes' 'security updates'

--------------------------------------------------------------------------------

This document provides information on the new Parallels Server for Mac 4.0 Bare
Metal Edition kernel, version 2.6.18-028stab070.7.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. Reference List

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Server for Mac 4.0 Bare Metal Edition
kernel provides a new kernel based on the new Red Hat Enterprise Linux 5 kernel
(2.6.18-194.17.1.el5).  The updated kernel includes a number of important
security and stability fixes from Parallels and Red Hat.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

The updated Parallels Server for Mac 4.0 Bare Metal Edition kernel includes
fixes for the following security vulnerabilities, including those that were
fixed in the 2.6.18-194.17.1.el5 Red Hat kernel:

* A buffer overflow flaw was found in the ecryptfs_uid_hash() function in
  the Linux kernel eCryptfs implementation. On systems that have the eCryptfs
  netlink transport (Red Hat Enterprise Linux 5 does) or where the
  "/dev/ecryptfs" file has world writable permissions (which it does not, by
  default, on Red Hat Enterprise Linux 5), a local, unprivileged user could
  use this flaw to cause a denial of service or possibly escalate their
  privileges. (CVE-2010-2492, Important)

* A miscalculation of the size of the free space of the initial directory
  entry in a directory leaf block was found in the Linux kernel Global File
  System 2 (GFS2) implementation. A local, unprivileged user with write
  access to a GFS2-mounted file system could perform a rename operation on
  that file system to trigger a NULL pointer dereference, possibly resulting
  in a denial of service or privilege escalation. (CVE-2010-2798, Important)

* A flaw was found in the Xen hypervisor implementation when running a
  system that has an Intel CPU without Extended Page Tables (EPT) support.
  While attempting to dump information about a crashing fully-virtualized
  guest, the flaw could cause the hypervisor to crash the host as well. A
  user with permissions to configure a fully-virtualized guest system could
  use this flaw to crash the host. (CVE-2010-2938, Moderate)

* Information leak flaws were found in the Linux kernel's Traffic Control
  Unit implementation. A local attacker could use these flaws to cause the
  kernel to leak kernel memory to user-space, possibly leading to the
  disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the Linux kernel's XFS file system implementation.
  The file handle lookup could return an invalid inode as valid. If an XFS
  file system was mounted via NFS (Network File System), a local attacker
  could access stale data or overwrite existing data that reused the inodes.
  (CVE-2010-2943, Moderate)

* An integer overflow flaw was found in the extent range checking code in
  the Linux kernel's ext4 file system implementation. A local, unprivileged
  user with write access to an ext4-mounted file system could trigger this
  flaw by writing to a file at a very large file offset, resulting in a local
  denial of service. (CVE-2010-3015, Moderate)

* An information leak flaw was found in the Linux kernel's USB
  implementation. Certain USB errors could result in an uninitialized kernel
  buffer being sent to user space. An attacker with physical access to a
  target system could use this flaw to cause an information leak.
  (CVE-2010-1083, Low)

* When an application has a stack overflow, the stack could silently
  overwrite another memory-mapped area instead of a segmentation fault
  occurring, which could cause an application to execute arbitrary code,
  possibly leading to a privilege escalation. It is known that the X Window
  System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* Instances of unsafe sprintf() use were found in the Linux kernel
  Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,
  or RFCOMM sockets could result in arbitrary memory pages being overwritten.
  A local, unprivileged user could use this flaw to cause a kernel panic
  (denial of service) or escalate their privileges. (CVE-2010-1084,
  Important)

* A flaw was found in the Xen hypervisor implementation when using the
  Intel Itanium architecture, allowing guests to enter an unsupported state.
  An unprivileged guest user could trigger this flaw by setting the BE (Big
  Endian) bit of the Processor Status Register (PSR), leading to the guest
  crashing (denial of service). (CVE-2010-2070, Important)

* A flaw was found in the CIFSSMBWrite() function in the Linux kernel
  Common Internet File System (CIFS) implementation. A remote attacker could
  send a specially-crafted SMB response packet to a target CIFS client,
  resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* Buffer overflow flaws were found in the Linux kernel's implementation of
  the server-side External Data Representation (XDR) for the Network File
  System (NFS) version 4. An attacker on the local network could send a
  specially-crafted large compound request to the NFSv4 server, which could
  possibly result in a kernel panic (denial of service) or, potentially, code
  execution. (CVE-2010-2521, Important)

* A flaw was found in the handling of SWAPEXT IOCTL in the Linux kernel
  XFS file system implementation. A local user could use this flaw to read
  write-only files that they do not own on an XFS file system. This could
  lead to unintended information disclosure. (CVE-2010-2226, Moderate)

* A flaw was found in the dns_resolver upcall used by CIFS. A local,
  unprivileged user could redirect a Microsoft Distributed File System link
  to another IP address, tricking the client into mounting the share from a
  server of the user's choosing. (CVE-2010-2524, Moderate)

* A missing check was found in the mext_check_arguments() function in the
  ext4 file system code. A local user could use this flaw to cause MOVE_EXT
  IOCTL to overwrite the contents of an append-only file on an ext4 file
  system, if they have write permissions for that file. (CVE-2010-2066,
  Low)

This update also includes fixes for the following Parallels Server issues:

* A NULL pointer dereference was found when configuring forwarding options
  for a virtual networking device (ovz#1658).

* Dropped-packet statistics were not reported by the venet driver (#485907).

* The hardware ID value was recalculated and changed when configuring bridged
  devices (PCLIN-27682).

We highly recommend that all Parallels Server for Mac 4.0 Bare Metal Edition
users update their kernel to the latest version.

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Server for Mac 4.0 Bare Metal Edition distribution set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and kernel modules.

# rpm -ivh vzkernel-2.6.18-028stab070.7.i686.rpm \
vzmodules-2.6.18-028stab070.7.i686.rpm \
parallels-kmod-4.0.5612.577097-1.2.6.18_028stab070.7.x86_64.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [33%]
    2:vzmodules              ################################# [66%]
    3:parallels-kmod         ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.
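
A post-reboot check for the procedure above, added here as an example (it is not part of the Parallels release notes): it compares a kernel release string, such as the output of "uname -r", with the fixed version 2.6.18-028stab070.7. The function names and the <base>-<branch>stab<build>.<patch> layout are assumptions, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example, not from the release notes.
FIXED_RELEASE="2.6.18-028stab070.7"   # fixed kernel version named on this page

# Print "<branch> <build> <patch>" for a release string, or fail if it does not
# follow the assumed layout <base>-<branch>stab<build>.<patch>[suffix].
vz_parse() {
    printf '%s\n' "$1" |
        sed -n 's/^[0-9.]*-\([0-9][0-9]*\)stab\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p' |
        grep .
}

# Return 0 if release $1 is at or beyond FIXED_RELEASE, 1 if it is older,
# 2 if it is not a comparable kernel string.
vz_kernel_is_patched() {
    case "$1" in
        "${FIXED_RELEASE%%-*}"-*) ;;
        *) return 2 ;;
    esac
    running=$(vz_parse "$1") || return 2
    fixed=$(vz_parse "$FIXED_RELEASE") || return 2
    # awk compares the fields as decimal numbers, so "070" is 70 (not octal)
    # and patch level 10 sorts after 7.
    printf '%s %s\n' "$running" "$fixed" | awk '{
        for (i = 1; i <= 3; i++) {
            if ($i + 0 > $(i + 3) + 0) exit 0
            if ($i + 0 < $(i + 3) + 0) exit 1
        }
        exit 0
    }'
}

# Constructed sample strings; on a real node pass "$(uname -r)" instead.
for rel in 2.6.18-028stab070.7 2.6.18-028stab070.10 2.6.18-028stab069.9 2.6.18-194.17.1.el5; do
    rc=0
    vz_kernel_is_patched "$rel" || rc=$?
    case $rc in
        0) echo "$rel: at or beyond $FIXED_RELEASE" ;;
        1) echo "$rel: older than $FIXED_RELEASE, update and reboot" ;;
        *) echo "$rel: not a comparable kernel string" ;;
    esac
done
```

A result of 1 after the reboot usually means the boot loader still selects an older kernel, which is possible because "rpm -ivh" keeps the previous kernels installed.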

--------------------------------------------------------------------------------

5. REQUIRED RPMS

Depending on the processor installed on the Hardware Node, the following RPM
packages are included in the kernel update:

 vzkernel-2.6.18-028stab070.7.x86_64.rpm
 vzmodules-2.6.18-028stab070.7.x86_64.rpm
 parallels-kmod-4.0.5648.553410-1.2.6.18_028stab070.7.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCE LIST

https://rhn.redhat.com/errata/RHSA-2010-0723.html
https://rhn.redhat.com/errata/RHSA-2010-0661.html
https://rhn.redhat.com/errata/RHSA-2010-0610.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524

--------------------------------------------------------------------------------
Copyright © 1999-2010 Parallels Holdings, Ltd. and its affiliates. All rights 
reserved. 
