Release notes
--------------------------------------------------------------------------------
Synopsis: New Parallels Virtuozzo Containers 4.0 kernel provides
a fix for an important security vulnerability.
Issue date: 2009-11-06
Product: Parallels Virtuozzo Containers 4.0
Keywords: 'security updates'
--------------------------------------------------------------------------------
This document provides information on the new Virtuozzo Containers 4.0 kernel,
version 2.6.18-028stab064.8.
© 1999-2009 Parallels Holdings, Ltd. and its affiliates. All rights reserved.
--------------------------------------------------------------------------------
TABLE OF CONTENTS
1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List
--------------------------------------------------------------------------------
1. ABOUT THIS RELEASE
The current update for the Virtuozzo Containers 4.0 kernel provides
a fix for an important security vulnerability.
--------------------------------------------------------------------------------
2. UPDATES DESCRIPTION
The updated Virtuozzo Containers 4.0 kernel includes a fix for the following
security vulnerability fixed in the 2.6.18-164.6.1.el5 Red Hat kernel:
- A NULL pointer dereference flaw was found in each of the following functions
in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's reader
and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)
We highly recommend that all Parallels Virtuozzo Containers 4.0 users update
their kernel to the latest version.
--------------------------------------------------------------------------------
3. BUGS FIXED
The following bug from the previous release has been fixed in the new
Virtuozzo Containers 4.0 kernel:
- #456385: A kernel panic due to a NULL pointer dereference in pipe_rdwr_open()
(CVE-2009-3547)
The following OpenVZ bug has been fixed:
- #1358: "OpenVZ 2.6.18-x"-based kernels are vulnerable to CVE-2009-3547.
--------------------------------------------------------------------------------
4. OBTAINING NEW KERNEL
You can download and install the kernel update by using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.0 distribution set.
--------------------------------------------------------------------------------
5. INSTALLING NEW KERNEL
To install the update, perform the following operations:
I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

   # rpm -ivh vzkernel-2.6.18-028stab064.8.i686.rpm \
     vzmodules-2.6.18-028stab064.8.i686.rpm
   Preparing... ################################# [100%]
   1:vzkernel ################################# [50%]
   2:vzmodules ################################# [100%]

   Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
   all the kernels previously installed on your system may be removed from
   the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
    loaded by default. If you use the LILO bootloader, please do not forget to
    execute the 'lilo' command to write the changes to the boot sector:

    # lilo
    Added Virtuozzo2 *
    Added Virtuozzo1
    Added linux
    Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
kernel.
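
To confirm after the reboot that the Hardware Node is running the fixed build, the running release string can be compared with 2.6.18-028stab064.8. The script below is an added example, not part of the Parallels release notes; its function names are hypothetical, and it assumes that builds within one branch (here 028) order by stab number and then by minor number.

```shell
#!/bin/sh
# Added example: check a kernel release string against the fixed Virtuozzo
# build named in this release note. Function names are hypothetical.
FIXED_RELEASE="2.6.18-028stab064.8"

# Print "branch stab minor" as decimal numbers (028stab064.8 -> "28 64 8").
# Returns non-zero when the string holds no NNNstabNNN.N component.
vz_build_fields() {
    out=$(printf ' %s\n' "$1" |
        sed -n 's/.*[^0-9]\([0-9]\{1,\}\)stab\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1 \2 \3/p' |
        awk '{ print $1 + 0, $2 + 0, $3 + 0 }')   # normalise 028 -> 28
    [ -n "$out" ] && printf '%s\n' "$out"
}

# 0 = at or above the fixed build, 1 = older, 2 = not comparable
# (no stab component, or a different branch than the fixed build).
# Assumption: within one branch, builds order by stab number, then minor.
vz_kernel_is_fixed() {
    cur=$(vz_build_fields "$1") || return 2
    fix=$(vz_build_fields "${2:-$FIXED_RELEASE}") || return 2
    printf '%s %s\n' "$cur" "$fix" | awk '{
        if ($1 != $4) exit 2                  # different branch
        if ($2 != $5) exit ($2 > $5 ? 0 : 1)  # stab number decides
        exit ($3 >= $6 ? 0 : 1)               # otherwise the minor number
    }'
}

# Report on the running kernel; meant to be run after the reboot in step III.
rc=0
vz_kernel_is_fixed "$(uname -r)" || rc=$?
case $rc in
    0) echo "OK: $(uname -r) is at or above $FIXED_RELEASE" ;;
    1) echo "OLD: $(uname -r) predates $FIXED_RELEASE" ;;
    *) echo "UNKNOWN: $(uname -r) cannot be compared with $FIXED_RELEASE" ;;
esac
```

An "OLD" result after installing the RPMs usually means the boot loader still defaults to a previous kernel (step II) or the node has not been rebooted yet.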
--------------------------------------------------------------------------------
6. REQUIRED RPMS
Depending on the kind of processor on your Hardware Node, the following RPM
packages are included in the kernel update:
x86 kernels:
  - SMP:
      vzkernel-2.6.18-028stab064.8.i686.rpm
      vzmodules-2.6.18-028stab064.8.i686.rpm
  - Enterprise:
      vzkernel-ent-2.6.18-028stab064.8.i686.rpm
      vzmodules-ent-2.6.18-028stab064.8.i686.rpm
  - Enterprise with the 4GB split feature disabled:
      vzkernel-PAE-2.6.18-028stab064.8.i686.rpm
      vzmodules-PAE-2.6.18-028stab064.8.i686.rpm
x86_64 kernels:
  - SMP:
      vzkernel-2.6.18-028stab064.8.x86_64.rpm
      vzmodules-2.6.18-028stab064.8.x86_64.rpm
--------------------------------------------------------------------------------
7. REFERENCE LIST
https://rhn.redhat.com/errata/RHSA-2009-1548.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547