Welcome, Guest Login

Support Center

Virtuozzo (formerly Parallels Cloud Server) 6.0 Update 9 Hotfix 8 (6.0.9-2831)

Last Updated: Sep 08, 2016 02:25PM UTC

Issue date: 2015-06-19

1. What's Included in This Update

This update includes a new Virtuozzo (formerly Parallels Cloud Server) 6.0 kernel (2.6.32-042stab108.5) based on the Red Hat Enterprise Linux 6.6 kernel (2.6.32-504.16.2.el6). The new kernel introduces stability and security fixes.

2. Bug Fixes

  • An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process. (CVE-2014-9419)

  • It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420)

  • An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585)

  • It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805)

  • A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. (CVE-2015-2925) An owner of a simfs-based container could use this flaw to get access to files on host. VZFS and ploop containers are not affected. (#OVZ-3256)

  • A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. (CVE-2015-3331)

  • Under certain network workload, a container checkpoint/restore operation could result in conntrack duplication which could prevent online migration of the container. (#PSBM-32411)

  • CPT image compatibility was broken in 042stab108.x kernels. As a result, a received but nondelivered TCP packet saved into the CPT image could, under certain circumstances, lose TCP flags during restore on 042stab108.x kernels. Incorrect processing of restored packets and could result in unexpected kernel warnings or issues with userspace applications. (#PSBM-33549, #OVZ-3237)

  • Container restore could lead to host crash if tar inside the container incorrectly restored tty device files. (#PSBM-32795)

3. Obtaining the Update

You can download and install the update using the yum utility included in the Virtuozzo (formerly Parallels Cloud Server) 6.0 distribution.

4. References

https://rhn.redhat.com/errata/RHSA-2015-1081.html

https://access.redhat.com/security/cve/CVE-2014-9419

https://access.redhat.com/security/cve/CVE-2014-9420

https://access.redhat.com/security/cve/CVE-2014-9585

https://access.redhat.com/security/cve/CVE-2015-1805

https://access.redhat.com/security/cve/CVE-2015-2925

https://access.redhat.com/security/cve/CVE-2015-3331


Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.

Open a new case
















  • You can call our Support Team:

     +1 855-466-6670  Toll-free
     +1 425-689-7142  US
     +44 203-389-8331  UK
     +49 8914-379-4365  DE
     +7 499-609-2754  RU
e13d0138f9baaceff06b8753a609e5c0@virtuozzo.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete