Parallels Cloud Server 6.0 Update 6 Hotfix 10 (6.0.6-2007)

Last Updated: Sep 08, 2016 03:24PM UTC
-----------------------------------------------------------------------
Synopsis:          A Parallels Cloud Server 6.0 kernel update
                   introducing a security fix.
Product:           Parallels Cloud Server 6.0
Keywords:          'security'
-----------------------------------------------------------------------
 
1. What's Included in This Update
 
This update includes a new Parallels Cloud Server 6.0 kernel (2.6.32-042stab092.2) based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.20.3.el6). The new kernel introduces a security fix.
 
2. Bug Fixes
 
- A critical issue in the Linux kernel's ptrace subsystem code could allow unprivileged local Container users to crash the host system and likely gain root privileges on the host system. (#PSBM-27973)
  On Intel CPUs, a sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer is set to a user-mode value but before the CPL is changed. Systems running on AMD CPUs are not vulnerable to this issue, as sysret on AMD CPUs does not generate a fault before the CPL change.
  It was found that certain code paths in the Linux kernel's ptrace subsystem allow the tracer to set the tracee's instruction pointer to a non-canonical address, which is later used on the tracee's return to user mode via the sysret instruction. This effectively bypasses the hardening introduced by the fixes for CVE-2005-1764 (which introduced a guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical area) and CVE-2006-0744 (system call handler hardening).
 
3. Obtaining the Update
 
You can download and install the update using the yum utility included in the Parallels Cloud Server 6.0 distribution.
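
To confirm that a host is running the fixed kernel, the check below (an added example, not Parallels code) compares the running kernel release against 2.6.32-042stab092.2 and reads the CPU vendor, since this advisory states that Intel CPUs are affected and AMD CPUs are not. It assumes the three numeric fields of the "NNNstabNNN.N" release string order numerically; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code: is this host still exposed to #PSBM-27973?
FIXED="2.6.32-042stab092.2"   # fixed kernel named in this advisory

# Print "BRANCH BUILD REV" for a release such as 2.6.32-042stab092.2;
# print nothing if the string is not a "stab" kernel.
stab_key() {
    echo "$1" | sed -n \
        's/^.*-\([0-9][0-9]*\)stab\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# Return 0 if release $1 is at or above FIXED, 1 if older, 2 if unparsable.
kernel_is_fixed() {
    cur=$(stab_key "$1")
    [ -n "$cur" ] || return 2
    # Compare the three fields numerically, left to right (awk reads 042 as 42).
    # Assumption: the fields order numerically across releases.
    echo "$cur $(stab_key "$FIXED")" | awk '{
        for (i = 1; i <= 3; i++) {
            if ($i + 0 > $(i + 3) + 0) exit 0
            if ($i + 0 < $(i + 3) + 0) exit 1
        }
        exit 0
    }'
}

# Print a verdict for kernel release $1 on CPU vendor_id $2.
assess() {
    rc=0
    kernel_is_fixed "$1" || rc=$?
    case "$rc:$2" in
        0:*)            echo "patched" ;;
        1:GenuineIntel) echo "vulnerable" ;;      # Intel: sysret faults before CPL change
        1:AuthenticAMD) echo "unpatched-amd" ;;   # advisory: AMD CPUs not vulnerable
        *)              echo "unknown" ;;         # not a stab kernel, or other vendor
    esac
}

# First vendor_id from /proc/cpuinfo (empty if unavailable).
cpu_vendor() {
    awk -F': ' '/^vendor_id/ { print $2; exit }' /proc/cpuinfo 2>/dev/null
}

# Check the running host.
echo "$(uname -r) on $(cpu_vendor): $(assess "$(uname -r)" "$(cpu_vendor)")"
```

A verdict of "unknown" means the release string is not in the stab format or the CPU vendor is neither of the two this advisory discusses, so the host needs a manual check.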
 
4. References
 
http://seclists.org/oss-sec/2014/q3/46
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699
https://access.redhat.com/security/cve/CVE-2014-4699
https://git.kernel.org/linus/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
 
--------------------------------------------------------------------------------
Copyright (c) 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
