Article ID: 9391, created on Dec 1, 2010, last review on Apr 17, 2012

  • Applies to:
  • Virtuozzo hypervisor 4.0 for Mac Bare Metal

Resolution

--------------------------------------------------------------------------------
Synopsis:          New Parallels Server for Mac 4.0 Bare Metal Edition kernel
                   provides security and stability update
Issue date:        2011-11-29
Product:           Parallels Server for Mac 4.0 Bare Metal Edition
Keywords:          'security' 'stability'

--------------------------------------------------------------------------------

This document provides information on the new Parallels Server for Mac 4.0 Bare
Metal Edition kernel, version 2.6.18-028stab070.14.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. Installing New Kernel
5. Required RPMs
6. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Server for Mac 4.0 Bare Metal Edition
kernel provides a new kernel based on the new Red Hat 5 kernel
(2.6.18-194.26.1.el5). The updated kernel provides a number of security and
stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the io_submit_one() function
in the Linux kernel asynchronous I/O implementation. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2010-3066,
Moderate)

* A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux kernel
XFS file system implementation. A data structure in xfs_ioc_fsgetxattr()
was not initialized properly before being copied to user-space. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3078, Moderate)

* The exception fixup code for the __futex_atomic_op1, __futex_atomic_op2,
and futex_atomic_cmpxchg_inatomic() macros replaced the LOCK prefix with a
NOP instruction. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2010-3086, Moderate)

* A flaw was found in the tcf_act_police_dump() function in the Linux
kernel network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3477, Moderate)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the vzup2date utility
included in the Parallels Server for Mac 4.0 Bare Metal Edition distribution
set.

--------------------------------------------------------------------------------

4. INSTALLING NEW KERNEL

To install the update, do the following:

I. Use the "rpm -ihv" command to install the new kernel and Parallels Server
   modules.

# rpm -ivh vzkernel-2.6.18-028stab070.14.x86_64.rpm \
vzmodules-2.6.18-028stab070.14.x86_64.rpm \
parallels-kmod-4.0.5612.577097-1.2.6.18_028stab070.14.x86_64.rpm
Preparing...                ################################# [100%]
    1:vzkernel               ################################# [33%]
    2:vzmodules              ################################# [67%]
    3:parallels-kmod         ################################# [100%]

    Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
    all the kernels previously installed on your system may be removed from
    the Hardware Node.

II. Reboot your computer with the "shutdown -r now" command to boot the new
     kernel.
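
A post-reboot check that the node is actually running the fixed kernel, added
here as an example and not part of the original advisory. It assumes release
strings of the form <base>-<branch>stab<major>.<minor>[suffix], as in
2.6.18-028stab070.14, and that later builds in the same branch keep these
fixes; the function names and the --running switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: compare a vz kernel release string
# against the fixed version named above.
FIXED="2.6.18-028stab070.14"

# Strip leading zeros so "070" is compared as decimal 70, not octal.
dec() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# Print "branch major minor" for a release string; return 1 if malformed.
parse_vz_release() {
    rest=${1#*-}                      # drop the "<base>-" prefix
    branch=${rest%%stab*}
    tail=${rest#*stab}
    case $tail in *.*) ;; *) return 1 ;; esac
    major=${tail%%.*}
    minor=${tail#*.}
    minor=${minor%%[!0-9]*}           # drop any suffix after the build number
    for f in "$branch" "$major" "$minor"; do
        case $f in ''|*[!0-9]*) return 1 ;; esac
    done
    printf '%s %s %s\n' "$(dec "$branch")" "$(dec "$major")" "$(dec "$minor")"
}

# Exit status: 0 = at or above FIXED, 1 = older, 2 = not comparable.
is_patched() {
    cur=$(parse_vz_release "$1") || return 2
    fix=$(parse_vz_release "$FIXED") || return 2
    [ "${1%%-*}" = "${FIXED%%-*}" ] || return 2   # same base kernel only
    set -- $cur $fix                  # $1-$3 current, $4-$6 fixed
    [ "$1" -eq "$4" ] || return 2     # assumption: branches are not comparable
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Run as "sh check_kernel.sh --running" after the reboot in step II.
if [ "${1:-}" = "--running" ]; then
    rel=$(uname -r)
    if is_patched "$rel"; then
        echo "OK: $rel is at or above $FIXED"
    else
        echo "CHECK: $rel is older than or not comparable to $FIXED"
        exit 1
    fi
fi
```

A non-zero exit after the reboot usually means the boot loader still selects
the previous kernel, which "rpm -ivh" deliberately leaves installed.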

--------------------------------------------------------------------------------

5. REQUIRED RPMS

The following RPM packages are included in the kernel update:

   vzkernel-2.6.18-028stab070.14.x86_64.rpm
   vzmodules-2.6.18-028stab070.14.x86_64.rpm
   parallels-kmod-4.0.5612.577097-1.2.6.18_028stab070.14.x86_64.rpm

--------------------------------------------------------------------------------

6. REFERENCES

https://rhn.redhat.com/errata/RHSA-2010-0839.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3066.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3078.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3086.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3477.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2010 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
