[Announce] [ANNOUNCE] Kernel RHEL6 stable 042stab120.2

Vasily Averin vvs at openvz.org
Mon Oct 24 01:14:38 PDT 2016


The OpenVZ project released an updated RHEL6-based kernel.
Read below for more information. Everyone is advised to update.

Changes and Download
====================
(since 042stab117.16)

* Rebase to RHEL6u8 kernel 2.6.32-642.6.1.el6 (security, bug fixes, and enhancements)
* Use-after-free in the recvmmsg exit path (CVE-2016-7117)
* Uninitialized variable in request_key handling causes kernel crash in error handling path (CVE-2016-4470)
* infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565)
* Heap buffer overflow in hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly escalating their privileges or crashing the system. (CVE-2016-5829)
* Under certain conditions, free or top run inside a container could show that zero memory was used. (PSBM-42024)
* FUSE improvements. (PSBM-49057, PSBM-49825)
* cpt: Containers with deleted sockets on tmpfs file system could not be resumed after suspend. (PSBM-49584)
* Ploop improvements. (PSBM-47696, PSBM-49747)
* ext4: Parallel mounting of multiple disks with lazy initialization takes too long. (PSBM-49847)
* Added per-container limit on the number of available network namespaces. (PSBM-53183)
* drbd: Out of memory error when invoking fence-peer handler. (OVZ-6777)

See also
========
https://rhn.redhat.com/errata/RHBA-2016-1185.html
https://rhn.redhat.com/errata/RHSA-2016-1406.html
https://rhn.redhat.com/errata/RHSA-2016-1664.html
https://rhn.redhat.com/errata/RHSA-2016-2006.html  
https://www.redhat.com/security/data/cve/CVE-2016-7117.html
https://www.redhat.com/security/data/cve/CVE-2016-4470.html
https://www.redhat.com/security/data/cve/CVE-2016-4565.html
https://www.redhat.com/security/data/cve/CVE-2016-5829.html

For more info and downloads, see:
https://openvz.org/Download/kernel/rhel6/042stab120.2

Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.


Other sources of info on updates
================================
See http://planet.openvz.org/ to view all the news (including updates)
online. There you can also find RSS/Atom feed links.

Regards,
    OpenVZ team

