Сергей Бронников (estetus) wrote in openvz,
Сергей Бронников
estetus
openvz

[Security] Important information about latest kernel updates

Last time we released a few kernel updates with security fixes:



  • Critical security issue was fixed in OpenVZ kernel 2.6.32-042stab108.7


  • OpenVZ kernel team discovered security issue that allows privileged user inside
    container to get access to files on host. All kind of containers affected: simfs, ploop and vzfs. Affected all kernels since 2.6.32-042stab105.x

    Note: RHEL5-based kernels 2.6.18, Red Hat and mainline kernels are not affected.

  • 8 security issues fixed in OpenVZ kernel 2.6.32-042stab108.8



    • CVE-2014-3184 HID: off by one error in various _report_fixup routines

    • CVE-2014-3940 missing check during hugepage migration

    • CVE-2014-4652 ALSA: control: protect user controls against races & memory disclosure

    • CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

    • CVE-2014-8709 net: mac80211: plain text information leak

    • CVE-2014-9683 buffer overflow in eCryptfs

    • CVE-2015-0239 kvm: insufficient sysenter emulation when invoked from 16-bit code

    • CVE-2015-3339 kernel: race condition between chown() and execve()



    Note: RHEL5-based kernels 2.6.18 are not affected.

    It is quite critical to install latest OpenVZ kernel to protect your systems.
    Please reboot your nodes into fixed kernels or install live patches from Kernel Care.
Tags: kernel, security
Subscribe

  • OpenVZ 7.0 released

    I'm pleased to announce the release of OpenVZ 7.0. The new release focuses on merging OpenVZ and Virtuozzo source codebase, replacing our own…

  • Meet OpenVZ at FOSDEM 2016

    The most important gathering of free software and open source enthusiasts in Europe is coming on Jan 30-31, in Brussels and OpenVZ will have a…

  • Join Our Team at OpenStack Summit 2015 Tokyo

    We're very excited that this year OpenVZ will have exhibit space at OpenStack Summit in Tokyo Japan, October 27-30. We will be showing and demoing…

  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments