[Announce] Kernel RHEL6 testing 042stab116.1
Kir Kolyshkin
kir at openvz.org
Wed May 25 17:01:42 PDT 2016
OpenVZ project released an updated RHEL6 based testing kernel.
Read below for more information. Everyone is advised to update.
Changes and Download
====================
(since 042stab114.5)
* Rebase to RHEL6 kernel 2.6.32-573.26.1.el6
* A flaw was found in the way the Linux kernel handled IRET faults
during the processing of NMIs. An unprivileged, local user could use
this flaw to crash the system or, potentially (although highly
unlikely), escalate their privileges on the system. (CVE-2015-5157)
* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled sctp_accept() during the processing of heartbeat
timeout events. A remote attacker could use this flaw to prevent further
connections to be accepted by the SCTP server running on the system,
resulting in a denial of service. (CVE-2015-8767)
* NFS client with kernels 2.6.32-573.10.2.el6 or above could hang with
'not responding, still trying' messages and running processes in
spinlock. (https://access.redhat.com/solutions/2215491)
* Network devices that used the mainline veth driver did not check TCP
checksums. (https://access.redhat.com/solutions/2216661)
NB! vethX interfaces of OpenVZ and VZ containers are not affected as
they use a different driver.
The affected veth driver was used inside Docker-ready containers or
could be used by host admin for their own purposes.
* Warning at drivers/block/ploop/io_direct_map.c:841
trim_extent_mappings. (PSBM-45999)
* LDT entries were incorrectly restored from CPT image. (OVZ-6228)
* some internal fixes
See also
========
http://rhn.redhat.com/errata/RHSA-2016-0715.html
https://access.redhat.com/security/cve/CVE-2015-5157
https://access.redhat.com/security/cve/CVE-2015-8767
For more info and downloads, see:
https://openvz.org/Download/kernel/rhel6-testing/042stab116.1
Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.
Other sources of info on updates
================================
See http://planet.openvz.org/ to view all the news (including updates)
online. There you can also find RSS/Atom feed links.
Regards,
OpenVZ team.
More information about the Announce
mailing list