[Announce] [security] New release: kernel 2.6.8-022stab078.14
Dmitry Mishin
dim at openvz.org
Fri Jul 21 06:38:01 EDT 2006
OpenVZ project has released a new stable kernel with latest security fixes
from mainstream.
Read below for more information. Everybody who is using stable
kernel is advised to upgrade.
Changes
=======
The updated kernel includes fixes for the following
security vulnerabilities:
- CVE-2006-3626: A vulnerability has been identified in Linux Kernel, which
could be exploited by local attackers to obtain elevated privileges.
This flaw is due to a race condition in the "pid_revalidate()" and
"tid_fd_revalidate()" [fs/proc/base.c] functions, which could be exploited
by malicious users to execute arbitrary commands with "root" privileges.
This bug allowed unprivileged users from one VPS to gain VPS root
privileges.
- CVE-2006-1523: Improper use of BUG_ON in the "__group_complete_signal()"
function may in certain cases be exploited to cause unwanted process
crashes.
For the complete changelog, see
http://openvz.org/news/updates/kernel-022stab078.14
Compatibility
=============
No new issues.
Download
========
http://openvz.org/download/kernel/stable/archives/2.6.8-022stab078.14
Bug reporting
=============
Use http://bugzilla.openvz.org/ to report any bugs found.
Best regards,
OpenVZ team.
More information about the Announce
mailing list