Parallels Cloud Server 6.0 Update 1 Hotfix 2 (6.0.0-941)

Last Updated: Sep 08, 2016 01:18PM UTC
-----------------------------------------------------------------------
Synopsis:          New Parallels Cloud Server 6.0 kernel provides
                   an update with security fixes.
Product:           Parallels Cloud Server 6.0
Keywords:          "bugfix" "security"

-----------------------------------------------------------------------

This document provides information on the new Parallels Cloud Server 6.0 kernel, version 2.6.32-042stab075.2.

--------------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Obtaining New Kernel
4. References

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Parallels Cloud Server 6.0 kernel provides a new
kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.22.1.el6).
The updated kernel includes a number of security fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

This update contains fixes for the following issues:

* A race condition was found in the way asynchronous I/O and fallocate()
interacted when using the ext4 file system. A local, unprivileged user
could use this flaw to expose random data from an extent whose data blocks
have not yet been written, and thus contain data from a deleted file. (CVE-2012-4508)

* A flaw was found in the way the vhost kernel module handled descriptors
that spanned multiple regions. A privileged guest user in a KVM guest could
use this flaw to crash the host or, potentially, escalate their privileges
on the host. (CVE-2013-0311)

* It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to an LUN that is
passed-through as read-only. (CVE-2012-4542)

* A flaw was found in the way the xen_failsafe_callback() function in the
Linux kernel handled the failed iret (interrupt return) instruction
notification from the Xen hypervisor. An unprivileged user in a 32-bit
para-virtualized guest could use this flaw to crash the guest. (CVE-2013-0190)

* A flaw was found in the way pmd_present() interacted with PROT_NONE
memory ranges when transparent hugepages were in use. A local, unprivileged
user could use this flaw to crash the system. (CVE-2013-0309)

* A flaw was found in the way CIPSO (Common IP Security Option) IP options
were validated when set from user mode. A local user able to set CIPSO IP
options on the socket could use this flaw to crash the system. (CVE-2013-0310)

--------------------------------------------------------------------------------

3. OBTAINING NEW KERNEL

You can download and install this kernel update using the yum utility included
in the Parallels Cloud Server 6.0 distribution set.
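
To confirm that a host is running the fixed kernel after the update, its release string can be compared against 2.6.32-042stab075.2. The script below is an added example, not part of the original Parallels notice; the function names and the sample release 2.6.32-042stab074.10 are constructed for illustration, and it assumes `uname -r` reports the release in the NNNstabNNN.N form used in this document.

```shell
#!/bin/sh
# Added example: report whether a kernel release string is at or above the
# fixed kernel named in this document.
FIXED_KERNEL="2.6.32-042stab075.2"   # version taken from this document

# Compare two release strings field by field as integers, so that "075" is
# read as 75 and ".10" sorts after ".2". Prints -1, 0 or 1.
kernel_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, fa, /[^0-9]+/); nb = split(b, fb, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = fa[i] + 0; y = fb[i] + 0
            if (x < y) { print -1; exit }
            if (x > y) { print 1; exit }
        }
        print 0
    }'
}

# Prints "patched", "needs-update", or "unknown" (release string not in the
# N.N.N-NNNstabNNN.N form, e.g. a stock distribution kernel).
kernel_status() {
    rel=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*stab[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$rel" ]; then
        echo unknown
    elif [ "$(kernel_cmp "$rel" "$FIXED_KERNEL")" -lt 0 ]; then
        echo needs-update
    else
        echo patched
    fi
}

# Constructed sample releases, followed by the kernel this host is running.
# The running kernel is what matters: an installed update only takes effect
# after the host boots into it.
for r in 2.6.32-042stab074.10 2.6.32-042stab075.2 "$(uname -r)"; do
    printf '%-32s %s\n' "$r" "$(kernel_status "$r")"
done
```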

--------------------------------------------------------------------------------

4. REFERENCES

https://rhn.redhat.com/errata/RHSA-2013-0496.html

https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-0190.html
https://www.redhat.com/security/data/cve/CVE-2013-0309.html
https://www.redhat.com/security/data/cve/CVE-2013-0310.html
https://www.redhat.com/security/data/cve/CVE-2013-0311.html

--------------------------------------------------------------------------------
Copyright (c) 1999-2013 Parallels Holdings, Ltd. and its affiliates. All rights
reserved.
