[Announce] [Security] Important information about latest kernel updates

Sergey Bronnikov sergeyb at openvz.org
Thu Jul 23 06:19:00 PDT 2015


Hello, everyone,

Recently we released a few kernel updates with security fixes:

* A critical security issue was fixed in OpenVZ kernel 2.6.32-042stab108.7 [1]

	The OpenVZ kernel team discovered a security issue that allows a privileged
	user inside a container to get access to files on the host.
	All kinds of containers are affected: simfs, ploop and vzfs.
	All kernels since 2.6.32-042stab105.x are affected.

	RHEL5-based kernels 2.6.18, Red Hat and mainline kernels are not affected.

* 8 security issues fixed in OpenVZ kernel 2.6.32-042stab108.8 [2]

	CVE-2014-3184 HID: off by one error in various _report_fixup routines
	CVE-2014-3940 missing check during hugepage migration
	CVE-2014-4652 ALSA: control: protect user controls against races & memory disclosure
	CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
	CVE-2014-8709 net: mac80211: plain text information leak
	CVE-2014-9683 buffer overflow in eCryptfs
	CVE-2015-0239 kvm: insufficient sysenter emulation when invoked from 16-bit code
	CVE-2015-3339 kernel: race condition between chown() and execve()

	RHEL5-based kernels 2.6.18 are not affected.

It is quite critical to install the latest OpenVZ kernel to protect your systems.
Please reboot your nodes into fixed kernels or install live patches from
KernelCare.

Links
===========

[1] http://lists.openvz.org/pipermail/announce/2015-July/000611.html
[2] http://lists.openvz.org/pipermail/announce/2015-July/000615.html

Regards,
    OpenVZ team
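
Added example (not part of the original announcement and not OpenVZ's own tooling): a shell check that classifies a kernel release string against the two fixed builds named above. It assumes release strings of the form 2.6.32-042stabNNN.M as written in this message and treats "105.x" as starting at 105.0; the function names and status labels are illustrative.

```shell
#!/bin/sh
# Classify a kernel release against the fixed builds in the announcement:
#   2.6.32-042stab108.7  fixes the container-to-host file access issue
#                        (affected: all kernels since 2.6.32-042stab105.x)
#   2.6.32-042stab108.8  carries the 8 CVE fixes

# Print "<stab> <minor>" for a 2.6.32-042stabNNN.M release, nothing otherwise.
# Leading zeros are stripped so the numbers compare as plain decimals.
parse_stab() {
    printf '%s\n' "$1" |
        sed -n 's/^2\.6\.32-042stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2/p'
}

# Succeed if build $1.$2 is older than build $3.$4.
older_than() {
    [ "$1" -lt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ]; }
}

# Print one status label (illustrative names) for the given release string.
classify_kernel() {
    set -- $(parse_stab "$1")
    if [ $# -ne 2 ]; then
        # Covers RHEL5-based 2.6.18, Red Hat and mainline kernels.
        echo "not-openvz-2.6.32"
        return 0
    fi
    # Assumption: "105.x" means every build from 105.0 onwards.
    if older_than "$1" "$2" 108 7 && ! older_than "$1" "$2" 105 0; then
        # These builds also predate the 108.8 CVE fixes.
        echo "container-file-access-unfixed"
    elif older_than "$1" "$2" 108 8; then
        echo "missing-108.8-cve-fixes"
    else
        echo "fixed"
    fi
}

# Report on the kernel that is currently running.
classify_kernel "$(uname -r)"
```

The check reflects the running kernel only; a node that has the fixed package installed but has not been rebooted still reports the old build.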

