Virtuozzo (formerly Parallels Cloud Server) 6.0 Update 9 Hotfix 11 (6.0.9-2837)

Last Updated: Sep 08, 2016 03:06PM UTC

Issue date: 2015-07-20

1. What's Included in This Update

This update includes a new Virtuozzo (formerly Parallels Cloud Server) 6.0 kernel (2.6.32-042stab108.7) based on the Red Hat Enterprise Linux 6.6 kernel (2.6.32-504.16.2.el6). The new kernel introduces stability and security fixes.

2. Bug Fixes

  • A privileged user inside a container could get access to files on the host. (#PSBM-34869)

  • A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. (CVE-2011-5321)

  • It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636)

  • An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593)

  • A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830)

  • It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922)

3. Obtaining the Update

You can download and install the update using the yum utility included in the Virtuozzo (formerly Parallels Cloud Server) 6.0 distribution.
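To confirm a host is running a kernel at or above the build named in this update, the release string can be compared against 2.6.32-042stab108.7. The script below is an added example, not Virtuozzo tooling; the function names are hypothetical, the sample strings are constructed, and it assumes `uname -r` reports the kernel in the `<base>-<branch>stab<major>.<minor>` form shown above.

```shell
#!/bin/sh
# Added example, not Virtuozzo tooling. Fixed kernel build as named in this update.
FIXED="2.6.32-042stab108.7"

# vz_kernel_is_fixed RELEASE [FIXED_RELEASE]
# Exit status: 0 = RELEASE is at or above the fixed build,
#              1 = RELEASE is older,
#              2 = not comparable (other format, or another base/branch).
vz_kernel_is_fixed() {
    printf '%s\n%s\n' "$1" "${2:-$FIXED}" | awk '
    {
        # Expect <base>-<branch>stab<major>.<minor>, e.g. 2.6.32-042stab108.7
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+stab[0-9]+\.[0-9]+/) { rc = 2; exit }
        split($0, p, "-");       base[NR] = p[1]
        split(p[2], s, /stab/);  branch[NR] = s[1] + 0   # "042" -> 42, decimal not octal
        split(s[2], v, /[.]/);   major[NR] = v[1] + 0; minor[NR] = v[2] + 0
    }
    END {
        if (rc == 2 || base[1] != base[2] || branch[1] != branch[2]) exit 2
        if (major[1] != major[2]) exit ((major[1] > major[2]) ? 0 : 1)
        exit ((minor[1] >= minor[2]) ? 0 : 1)
    }'
}

# Print a one-line verdict for a release string.
report() {
    rc=0
    vz_kernel_is_fixed "$1" || rc=$?
    case "$rc" in
        0) echo "$1: at or above $FIXED" ;;
        1) echo "$1: older than $FIXED, update needed" ;;
        *) echo "$1: not a comparable Virtuozzo 6.0 kernel string" ;;
    esac
}

# Constructed sample release strings; on a host, pass "$(uname -r)" instead.
for rel in 2.6.32-042stab108.5 2.6.32-042stab108.7 2.6.32-042stab109.1 2.6.32-504.16.2.el6; do
    report "$rel"
done
```

A string such as the upstream Red Hat kernel release is reported as not comparable rather than as older, so a host booted into a non-Virtuozzo kernel is flagged for manual review.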

4. References

https://rhn.redhat.com/errata/RHSA-2015-1221.html

https://www.redhat.com/security/data/cve/CVE-2011-5321.html

https://www.redhat.com/security/data/cve/CVE-2015-1593.html

https://www.redhat.com/security/data/cve/CVE-2015-2830.html

https://www.redhat.com/security/data/cve/CVE-2015-2922.html

https://www.redhat.com/security/data/cve/CVE-2015-3636.html


Copyright (c) 1999-2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
