<?xml version="1.0" encoding="utf-8"?>
<!-- If you are running a bot please visit this policy page outlining rules you must respect. https://www.livejournal.com/bots/ -->
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:lj="https://www.livejournal.com">
  <id>urn:lj:livejournal.com:atom1:openvz</id>
  <title>OpenVZ</title>
  <subtitle>OpenVZ</subtitle>
  <author>
    <name>OpenVZ</name>
  </author>
  <link rel="alternate" type="text/html" href="https://openvz.livejournal.com/"/>
  <link rel="self" type="text/xml" href="https://openvz.livejournal.com/data/atom"/>
  <updated>2015-07-24T10:13:01Z</updated>
  <lj:journal userid="9392309" username="openvz" type="community"/>
  <link rel="service.feed" type="application/x.atom+xml" href="https://openvz.livejournal.com/data/atom" title="OpenVZ"/>
  <entry>
    <id>urn:lj:livejournal.com:atom1:openvz:51375</id>
    <author>
      <name>Сергей Бронников</name>
    </author>
    <lj:poster user="estetus" userid="12957684"/>
    <link rel="alternate" type="text/html" href="https://openvz.livejournal.com/51375.html"/>
    <link rel="self" type="text/xml" href="https://openvz.livejournal.com/data/atom/?itemid=51375"/>
    <title>[Security] Important information about latest kernel	updates</title>
    <published>2015-07-23T13:40:11Z</published>
    <updated>2015-07-24T10:13:01Z</updated>
    <content type="html">Last time we released a few kernel updates with security fixes:&lt;br /&gt;&lt;br /&gt;&lt;ul&gt;&lt;br /&gt;&lt;br /&gt;&lt;li&gt;Critical security issue was fixed in &lt;a href="https://openvz.org/Download/kernel/rhel6/042stab108.7" target="_blank" rel="nofollow"&gt;OpenVZ kernel 2.6.32-042stab108.7&lt;/a&gt;&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;OpenVZ kernel team discovered security issue that allows privileged user inside&lt;br /&gt;container to get access to files on host. All kind of containers affected: simfs, ploop and vzfs. Affected all kernels since 2.6.32-042stab105.x&lt;br /&gt;&lt;br /&gt;Note: RHEL5-based kernels 2.6.18, Red Hat and mainline kernels are not affected.&lt;br /&gt;&lt;br /&gt;&lt;li&gt;8 security issues fixed in &lt;a href="https://openvz.org/Download/kernel/rhel6/042stab108.8" target="_blank" rel="nofollow"&gt;OpenVZ kernel 2.6.32-042stab108.8&lt;/a&gt;&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;&lt;ul&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2014-3184.html" target="_blank" rel="nofollow"&gt;CVE-2014-3184&lt;/a&gt; HID: off by one error in various _report_fixup routines&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2014-3940.html" target="_blank" rel="nofollow"&gt;CVE-2014-3940&lt;/a&gt; missing check during hugepage migration&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2014-4652.html" target="_blank" rel="nofollow"&gt;CVE-2014-4652&lt;/a&gt; ALSA: control: protect user controls against races &amp; memory disclosure&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2014-8133.html" target="_blank" rel="nofollow"&gt;CVE-2014-8133&lt;/a&gt; x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2014-8709.html" target="_blank" rel="nofollow"&gt;CVE-2014-8709&lt;/a&gt; net: mac80211: plain text information leak&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2014-9683.html" target="_blank" rel="nofollow"&gt;CVE-2014-9683&lt;/a&gt; buffer overflow in eCryptfs&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2015-0239.html" target="_blank" rel="nofollow"&gt;CVE-2015-0239&lt;/a&gt; kvm: insufficient sysenter emulation when invoked from 16-bit code&lt;/li&gt;&lt;br /&gt;&lt;li&gt;&lt;a href="https://www.redhat.com/security/data/cve/CVE-2015-3339.html" target="_blank" rel="nofollow"&gt;CVE-2015-3339&lt;/a&gt; kernel: race condition between chown() and execve()&lt;/li&gt;&lt;br /&gt;&lt;/ul&gt;&lt;br /&gt;&lt;br /&gt;Note: RHEL5-based kernels 2.6.18 are not affected.&lt;br /&gt;&lt;br /&gt;It is quite critical to install latest OpenVZ kernel to protect your systems.&lt;br /&gt;Please reboot your nodes into fixed kernels or install live patches from &lt;a href="http://kernelcare.com/" target="_blank" rel="nofollow"&gt;Kernel Care&lt;/a&gt;.&lt;br /&gt;&lt;/ul&gt;</content>
  </entry>
</feed>
