Issue date: 2016-07-15
1. What's Included in This Update
This update includes a new Virtuozzo 6.0 kernel 2.6.32-042stab117.8 based on the Red Hat Enterprise Linux 6.8 kernel 2.6.32-642.el6. The new kernel inherits a number of RHEL 6.8 security fixes and also provides a number of internal security fixes.
2. Bug Fixes
- kvm: reporting emulation failures to userspace. (CVE-2010-5313, CVE-2014-7842)
- File descriptors passed over unix sockets are not properly accounted. (CVE-2013-4312)
- x86: espfix not working for 32-bit KVM paravirt guests. (CVE-2014-8134)
- Buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net. (CVE-2015-5156)
- Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system. (CVE-2015-7509)
- MTU value is not validated in IPv6 stack causing packet loss. (CVE-2015-8215)
- Null pointer dereference when mounting ext4. (CVE-2015-8324)
- IPv6 connect causes DoS via NULL pointer dereference. (CVE-2015-8543)
- Numabalanced acquire cgroup_mutex for a long time. (PSBM-26897)
- cpt: incorrect restore of SKB resulting in warnings in tcp_recvmsg(). (PSBM-39332, PSBM-46741)
- Improved ext4 defragmentation. (PSBM-46563)
- CPU hotplug improvements (PSBM-46773).
- cpt: crash in nfs_fscache_dup_uniq_id on dump of container with NFS mounts inside. (PSBM-47216)
- cpt: crash in svc_age_temp_xprts_now() on stop of container with NFS mount. (PSBM-47515)
- cpt: crash on closing restored Unix sockets. (PSBM-47529)
- cpt: fixed restore of shared mounts. (PSBM-47639)
- ext4: crash in ext4_kill_sb() on mount of non-EXT4 filesystems (042stab114.2+ were affected) (PSBM-47782).
- swap: forbid exceeding ub swappages limit on global memory pressure. (PSBM-47836).
- 25-second delays can happen while logging in to systemd-based containers after container migration or host vzreboot. (PSBM-47889)
- Fixed operation of iputils-ping-20150815 (debian-9) inside containers. (OVZ-6744)
- module: removed warning about waiting module removal. (OVZ-6748)
- fs.mqueue.* sysctls can be changed inside containers. (OVZ-6757)
3. Obtaining the Update
You can download and install the update using the yum utility included in the Virtuozzo 6.0 distribution.
Copyright (c) 1999-2016 Parallels IP Holdings GmbH and its affiliates. All rights reserved.