RESOLUTION
--------------------------------------------------------------------------------
Synopsis: New Virtuozzo 3.0 kernel provides security updates, driver
updates, and some other important fixes.
Issue date: 2007-12-19
Product: Virtuozzo 3.0
Keywords: security updates, driver update, stability fixes
--------------------------------------------------------------------------------
This document provides information on the new Virtuozzo 3.0 kernel, version
2.6.9-023stab046.2.
(c) SWsoft, 2007. All rights reserved.
--------------------------------------------------------------------------------
TABLE OF CONTENTS
1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List
--------------------------------------------------------------------------------
1. ABOUT THIS RELEASE
The current update for the Virtuozzo 3.0 kernel provides a new kernel based on
the Red Hat 4 Update 6 kernel (2.6.9-67.EL). The updated kernel includes a
number of security updates, driver updates, and important stability fixes.
--------------------------------------------------------------------------------
2. UPDATES DESCRIPTION
The updated Virtuozzo 3.0 kernel includes fixes for the following security
vulnerabilities:
- A memory leak in the Red Hat Content Accelerator kernel patch in both the
Linux Red Hat and Virtuozzo kernels allows local users to cause a denial
of service (memory exhaustion) via a large number of open requests
involving O_ATOMICLOOKUP (CVE-2007-5494).
- The wait_task_stopped() function in both the Linux and Virtuozzo kernels
checks the TASK_TRACED bit instead of the exit_state value, which allows
local users to cause a denial of service (server crash) via unspecified
vectors (CVE-2007-5500).
The updated Virtuozzo 3.0 kernel includes fixes for the following issues:
- ext3 may become corrupted due to the presence of bad inodes in the orphan
list. The following message may accompany the corruption:
"EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file
(37901290), 0
Inode 00000101a15b7840: orphan list check failed!"
- [CIFS]: Memory corruption due to bad error handling in the cifs code may
cause unexpected system behavior. The following message may accompany
the memory corruption:
"CIFS VFS: Invalid size SMB length 4 pdu_length 4".
- Reducing the number of CPUs available to a VE using the "--cpus"
option of the "vzctl set" command may cause a system crash.
- [CPT]: In kernels with the 4GB split technology enabled (x86 architecture,
enterprise kernel), online migration may fail due to a bug in the
kernel/userspace segmentation handling in the CPT restoration code.
- [CPT]: Under certain circumstances, /proc is considered as an external
mount point, which causes online migration to fail.
- [CPT]: Online migration may fail due to a bug in the SLM structures
restoration with the following message:
"Can't undump: Channel number out of range".
- [CPT]: Migrating a VE with the Oracle application installed may fail due
to a bug in the process start time restoration.
- The network does not operate if network interfaces are configured in the
802.3ad bonding mode.
- [ext3]: A non-destructive assertion fails with the following message:
"Assertion failure in log_do_checkpoint() at fs/jbd/checkpoint.c:363:
"drop_count != 0 || cleanup_ret != 0"".
- A kernel memory leak in the IPC code may occur due to a mistake in managing
already locked segments in both the Linux Red Hat and Virtuozzo kernels.
- If the SLM mode is disabled, a userbeancounter (UB) reference leak may
occur, causing the UB information to remain in /proc/user_beancounters after
a VE is stopped.
- A missed process wake-up may stall data transfer if the value of the
TCPSNDBUF parameter has been exceeded.
- A leak in PRIVVMPAGES may occur on mapping zero pages (for example, when
copying from /dev/zero).
- Unmounting an NFS partition having the simfs filesystem mounted over it and
vzquota enabled may cause a system crash.
The updated Virtuozzo 3.0 kernel includes a number of updated drivers:
- HP Controller SA5xxx SA6xxx driver
(cciss driver 2.6.16.RH1 version)
- Acronis True Image driver
(snapapi driver 0.7.23 version)
- Universal TUN/TAP device driver
(tun driver 1.6 version)
Besides, the new Virtuozzo 3.0 kernel includes the following improvements:
- The kernel has been re-based on the 2.6.9-67.EL4 Red Hat kernel.
- Support for online migration of tun/tap devices has been added.
- [CPT]: vzmigrate error messages have been made more verbose.
We highly recommend that all Virtuozzo 3.0 users update their kernel to the
latest version.
--------------------------------------------------------------------------------
3. BUGS FIXED
The following bugs from the previous release have been fixed in the new
Virtuozzo 3.0 kernel:
- #92189: A memory leak caused by an application which uses O_ATOMICLOOKUP
flag for open() call (CVE-2007-5494).
- #96307: wait_task_stopped() incorrectly checks the process state
(CVE-2007-5500).
- #83419: ext3 orphan list corruption due to bad inodes in the list.
- #93807: [CIFS]: incorrect kernel_recvmsg() error handling in cifs code.
- #93979: [CPT]: A forked process should re-copy vcpu from current process
because the old one could become invalid.
- #85041: [CPT] [4GB split]: Missed KERNEL_DS handling in CPT restoration code.
- #87718: [CPT]: Incorrect mount type determination (internal/external).
- #89714: [CPT]: SLM group regulator could be restored incorrectly during the
online migration.
- #96300: [CPT]: A process start time was restored incorrectly during the
online migration.
- #79891: [ext3]: JBD cleanup code could skip the last buffer in the list to
be deleted.
- #78998: A possible kernel memory leak in IPC code.
- #77231: A potential beancounter refcount leak.
- #89127: A missed wakeup on exceeding TCPSNDBUF.
- #80246: A leak in PRIVVMPAGES on mapping zero pages.
- #91898: The HP CISS driver should be updated.
- #90769: The Acronis True Image driver should be updated.
- #83180: [CPT]: vzmigrate does not print the name of the file that it fails
to open.
The following OpenVZ bugs have been fixed:
- #666: Incorrect carrier state determination for 802.3ad bonding mode.
- #541: vzquota should handle correctly NULL sb->put_super, in particular on
NFS.
- #642: The support for tun/tap devices online migration is required.
--------------------------------------------------------------------------------
4. OBTAINING NEW KERNEL
You can get this kernel update in one of the following ways:
- You can download the update from ftp://downloads.swsoft.com.
If you do not have an ftp account, please contact pavel@swsoft.com.
- You can download and install the update by using the vzup2date
utility included in the Virtuozzo 3.0 distribution set.
--------------------------------------------------------------------------------
5. INSTALLING NEW KERNEL
To install the update, you should perform the following operations:
I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.
# rpm -ivh vzkernel-smp-2.6.9-023stab046.2.i686.rpm \
vzmodules-smp-2.6.9-023stab046.2.i686.rpm
Preparing... ################################# [100%]
1:vzkernel-smp ################################# [50%]
2:vzmodules-smp ################################# [100%]
Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
all the kernels previously installed on your system may be removed from
the Hardware Node.
II. You can adjust your boot loader configuration file to have the new kernel
loaded by default. If you use the LILO bootloader, please do not forget to
execute the 'lilo' command to write the changes to the boot sector:
# lilo
Added Virtuozzo2 *
Added Virtuozzo1
Added linux
Added linux-up
III. Reboot your computer with the "shutdown -r now" command to boot the new
kernel.
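Added example (not part of the SWsoft document): after the reboot in step III, this check tells whether a kernel release string, as printed by "uname -r", is at or above 2.6.9-023stab046.2, the build that carries the CVE-2007-5494 and CVE-2007-5500 fixes. The release-string layout, the optional flavour suffix such as -smp, the idea that later builds of the same kernel line keep the fixes, and the sample strings are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed release named in this advisory.
FIXED_RELEASE="2.6.9-023stab046.2"

# Split "<base>-<branch>stab<build>.<sub>[-flavour]" into "base branch build sub"
# with leading zeros stripped. Layout and flavour suffix are assumptions.
vz_parse() {
    printf '%s\n' "$1" | sed -n \
's/^\([0-9.]*\)-0*\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\)\(-[a-z0-9]*\)\{0,1\}$/\1 \2 \3 \4/p'
}

# Exit status: 0 = at or above the fixed build, 1 = older build,
# 2 = not a Virtuozzo-style string, 3 = different kernel line.
vz_kernel_patched() {
    cur=$(vz_parse "$1")
    fix=$(vz_parse "$FIXED_RELEASE")
    [ -n "$cur" ] || return 2
    set -- $cur $fix    # $1-$4: candidate fields, $5-$8: fixed-release fields
    [ "$1" = "$5" ] || return 3
    [ "$2" -eq "$6" ] || return 3
    [ "$3" -gt "$7" ] && return 0
    [ "$3" -eq "$7" ] && [ "$4" -ge "$8" ] && return 0
    return 1
}

# Human-readable verdict for one release string.
vz_report() {
    vz_kernel_patched "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED_RELEASE" ;;
        1) echo "$1: older than $FIXED_RELEASE, update required" ;;
        3) echo "$1: different kernel line, this advisory does not apply" ;;
        *) echo "$1: not a recognised Virtuozzo release string" ;;
    esac
}

# Constructed sample strings; on a Hardware Node pass "$(uname -r)" instead.
for r in 2.6.9-023stab046.2-smp 2.6.9-023stab044.11-enterprise 2.6.9-67.EL; do
    vz_report "$r"
done
```

A result of 1 after the reboot usually means the boot loader still defaults to an older entry, which is the situation step II addresses.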
--------------------------------------------------------------------------------
6. REQUIRED RPMS
Depending on the kind of processor on your Hardware Node, the following RPM
packages are included in the kernel update:
x86 kernels:
- Uniprocessor:
vzkernel-2.6.9-023stab046.2.i686.rpm
vzmodules-2.6.9-023stab046.2.i686.rpm
- SMP:
vzkernel-smp-2.6.9-023stab046.2.i686.rpm
vzmodules-smp-2.6.9-023stab046.2.i686.rpm
- Enterprise:
vzkernel-enterprise-2.6.9-023stab046.2.i686.rpm
vzmodules-enterprise-2.6.9-023stab046.2.i686.rpm
- Enterprise with the 4GB split feature disabled:
vzkernel-entnosplit-2.6.9-023stab046.2.i686.rpm
vzmodules-entnosplit-2.6.9-023stab046.2.i686.rpm
x86_64 kernels:
- Uniprocessor:
vzkernel-2.6.9-023stab046.2.x86_64.rpm
vzmodules-2.6.9-023stab046.2.x86_64.rpm
- SMP:
vzkernel-smp-2.6.9-023stab046.2.x86_64.rpm
vzmodules-smp-2.6.9-023stab046.2.x86_64.rpm
ia64 kernel:
vzkernel-2.6.9-023stab046.2.ia64.rpm
vzmodules-2.6.9-023stab046.2.ia64.rpm
--------------------------------------------------------------------------------
7. REFERENCE LIST
The following references have been used in this document:
- https://rhn.redhat.com/errata/RHBA-2007-0791.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5494
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5500