Virtuozzo 6.0 Update 11 Hotfix 20 (6.0.11-3488)

Last Updated: Nov 18, 2016 04:16PM UTC

Issue date:        2016-11-18

1. What's Provided in This Update

This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab120.11 based on the Red Hat Enterprise Linux 6.8 kernel 2.6.32-642.6.1.el6. The new kernel provides stability and security fixes.

2. Bug Fixes

- Stack overflow via ecryptfs and /proc/$pid/environ. (CVE-2016-1583) It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.
- Use after free in tcp_xmit_retransmit_queue. (CVE-2016-6828) A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.
- block: fix use-after-free in seq file. (CVE-2016-7910) Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
- block: fix use-after-free in sys_ioprio_get(). (CVE-2016-7911) Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
- Creation of a network bridge can break IPv6 setup on host. (PSBM-50920) Kernels from 042stab117.x are affected.
- Servers with 10Gbps Intel NICs can crash in ixgbe_xmit_frame due to the iptables TCP REJECT rule. (OVZ-6811) Kernels from 042stab117.x are affected.
- CPT restore of containers with Unix sockets can crash the host. (OVZ-6823) All 042stab* kernels are affected.
- In rare cases, a false-positive warning could taint the kernel causing autotests to fail. (OVZ-6827) Kernels from 042stab112.x are affected.
- Other internal improvements.

3. Obtaining the Update

You can download and install the update using the yum utility included in the Virtuozzo 6.0 distribution.
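After installing the update and rebooting, the running kernel can be checked against the build named in section 1. The script below is an added example, not Virtuozzo's own tooling: it parses the `042stab` build number from a kernel release string and lists the tracker IDs from section 2 whose stated affected range covers that kernel. The function names are hypothetical, and reading "from 042stabNNN.x" as "series NNN and later, up to the fixed build" is an assumption.

```sh
#!/bin/sh
# Added example, not vendor code. Fixed build taken from the advisory:
# 2.6.32-042stab120.11
FIX_MAJOR=120
FIX_MINOR=11

# Print "MAJOR MINOR" of the 042stab build in a kernel release string,
# or nothing when the string is not a Virtuozzo 6.0 (042stab) kernel.
stab_of() {
    printf '%s\n' "$1" |
        sed -n 's/^.*-042stab\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p'
}

# Succeed when build MAJOR.MINOR is at or above the fixed build.
is_fixed() {
    [ "$1" -gt "$FIX_MAJOR" ] ||
        { [ "$1" -eq "$FIX_MAJOR" ] && [ "$2" -ge "$FIX_MINOR" ]; }
}

# Print fixed / outdated / unknown for a kernel release string.
kernel_status() {
    set -- $(stab_of "$1")
    if [ $# -ne 2 ]; then echo unknown
    elif is_fixed "$1" "$2"; then echo fixed
    else echo outdated
    fi
}

# Print the tracker IDs from the "Bug Fixes" list whose stated affected
# range covers this kernel. Assumption: "from 042stabNNN.x" means series
# NNN and every later series up to the fixed build.
open_issues() {
    set -- $(stab_of "$1")
    [ $# -eq 2 ] || return 0
    if is_fixed "$1" "$2"; then return 0; fi
    out="OVZ-6823"                                  # all 042stab* kernels
    if [ "$1" -ge 112 ]; then out="$out OVZ-6827"; fi
    if [ "$1" -ge 117 ]; then out="$out PSBM-50920 OVZ-6811"; fi
    echo "$out"
}

# Report on the running kernel (release string as printed by `uname -r`).
running=$(uname -r)
echo "$running: $(kernel_status "$running") $(open_issues "$running")"
```

The CVE entries are not listed by `open_issues` because the page gives no affected kernel range for them.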

4. References

https://www.redhat.com/security/data/cve/CVE-2016-1583.html
https://source.android.com/security/bulletin/2016-11-01.html
https://www.redhat.com/security/data/cve/CVE-2016-6828.html
https://infosec.cert-pa.it/cve-2016-7910.html
https://infosec.cert-pa.it/cve-2016-7911.html
https://access.redhat.com/solutions/2374831

--------------------------------------------------------------------------------
Copyright (c) 1999-2016 Parallels IP Holdings GmbH and its affiliates. All rights reserved.