[Announce] [security] Kernel RHEL6 042stab075.2 (stable)

Kir Kolyshkin kir at openvz.org
Tue Mar 12 12:35:25 EDT 2013


The OpenVZ project has released a new RHEL6-based stable kernel. Read below 
for more information. Everyone using this kernel branch is advised to 
upgrade.

Changes
=======
Since 042stab074.10:

Backported a set of security patches from 2.6.32-358.el6 RHEL6.4 kernel:

* A race condition was found in the way asynchronous I/O and fallocate() 
interacted when using the ext4 file system. A local, unprivileged user 
could use this flaw to expose random data from an extent whose data 
blocks have not yet been written, and thus contain data from a deleted 
file. (CVE-2012-4508, Important)

* A flaw was found in the way the vhost kernel module handled 
descriptors that spanned multiple regions. A privileged guest user in a 
KVM guest could use this flaw to crash the host or, potentially, 
escalate their privileges on the host. (CVE-2013-0311, Important)

* It was found that the default SCSI command filter does not accommodate 
commands that overlap across device classes. A privileged guest user 
could potentially use this flaw to write arbitrary data to a LUN that is 
passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the xen_failsafe_callback() function in 
the Linux kernel handled the failed iret (interrupt return) instruction 
notification from the Xen hypervisor. An unprivileged user in a 32-bit 
para-virtualized guest could use this flaw to crash the guest. 
(CVE-2013-0190, Moderate)

* A flaw was found in the way pmd_present() interacted with PROT_NONE 
memory ranges when transparent hugepages were in use. A local, 
unprivileged user could use this flaw to crash the system. 
(CVE-2013-0309, Moderate)

* A flaw was found in the way CIPSO (Common IP Security Option) IP 
options were validated when set from user mode. A local user able to set 
CIPSO IP options on the socket could use this flaw to crash the system. 
(CVE-2013-0310, Moderate)


Download
========
http://wiki.openvz.org/Download/kernel/rhel6/042stab075.2


Bug reporting
=============
Use http://bugzilla.openvz.org/ to report any bugs found.


Other sources of info on updates
================================
See http://wiki.openvz.org/News to view all the news (including updates)
online. There you can also find RSS feed links.


Best regards,
   OpenVZ team

