[Announce] Kernel RHEL6 testing 042stab076.5
Kir Kolyshkin
kir at openvz.org
Mon Mar 25 18:50:43 EDT 2013
OpenVZ project has released an updated RHEL6 based testing kernel. Read
below for more information.
NOTE that this is a *testing* kernel, not yet recommended for production.
Changes
=======
Since 042stab076.3:
This kernel is still based on 2.6.32-279.22.1.el6 Red Hat kernel, but a
set of security patches has been backported from
kernel-2.6.32-358.2.1.el6 RHEL6.4 kernel (RHSA-2013-0630):
* A flaw was found in the way the xen_iret() function in the Linux
kernel used the DS (the CPU's Data Segment) register. A local,
unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest
could use this flaw to crash the guest or, potentially, escalate their
privileges. (CVE-2013-0228, Important)
* A flaw was found in the way file permission checks for the
"/dev/cpu/[x]/msr" files were performed in restricted root environments
(for example, when using a capability-based security model). A local
user with the ability to write to these files could use this flaw to
escalate their privileges to kernel level, for example, by writing to
the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
Download
========
http://wiki.openvz.org/Download/kernel/rhel6-testing/042stab076.5
Bug reporting
=============
Use http://bugzilla.openvz.org/ to report any bugs found.
Other sources of info on updates
================================
See http://wiki.openvz.org/News to view all the news (including updates)
online. There you can also find RSS/Atom feed links.
Best regards,
OpenVZ team
More information about the Announce
mailing list