List: openvz-announce
Subject: [Announce] Kernel RHEL5 028stab121.1
From: Vasily Averin <vvs () openvz ! org>
Date: 2017-02-06 7:53:23
Message-ID: 7dc9c48c-42c2-20e6-6f08-a00f5c468bab () virtuozzo ! com
OpenVZ project released an updated RHEL5 based kernel.
Read below for more information. Everyone is advised to update.
Changes and Download
====================
(since 028stab120.3)
* Rebase to RHEL5 kernel 2.6.32-417.el5
* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem.
This may allow remote attackers to corrupt memory and may allow execution of
arbitrary code. This corruption takes place during the error handling routines within
the __sys_recvmmsg() function. (CVE-2016-7117, Important)
* It was found that stacking a file system over procfs in the Linux kernel could lead
to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs
over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local
user could potentially use this flaw to escalate their privileges on the system.
(CVE-2016-1583, Important)
* An integer overflow flaw was found in the way the Linux kernel's Frame Buffer
device implementation mapped kernel memory to user space via the mmap syscall. A
local user able to access a frame buffer device file (/dev/fb*) could possibly use
this flaw to escalate their privileges on the system. (CVE-2013-2596, Important)
* It was found that the Xen hypervisor x86 CPU emulator implementation did not
correctly handle certain instructions with segment overrides, potentially resulting
in a memory corruption. A malicious guest user could use this flaw to read arbitrary
data relating to other guests, cause a denial of service on the host, or potentially
escalate their privileges on the host. (CVE-2015-2151, Important)
For more info and downloads, see:
https://openvz.org/Download/kernel/rhel5/028stab121.1
See also
========
https://rhn.redhat.com/errata/RHSA-2016-2962.html
https://rhn.redhat.com/errata/RHSA-2016-2124.html
https://rhn.redhat.com/errata/RHBA-2016-1782.html
https://rhn.redhat.com/errata/RHBA-2016-1393.html
https://rhn.redhat.com/errata/RHBA-2016-1024.html
https://rhn.redhat.com/errata/RHSA-2016-0450.html
https://www.redhat.com/security/data/cve/CVE-2016-7117.html
https://www.redhat.com/security/data/cve/CVE-2015-1583.html
https://www.redhat.com/security/data/cve/CVE-2013-2596.html
https://www.redhat.com/security/data/cve/CVE-2015-2151.html
Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.
Regards,
OpenVZ team
_______________________________________________
Announce mailing list
Announce@openvz.org
https://lists.openvz.org/mailman/listinfo/announce
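
A fleet check for the update advice above, as an added example that is not part of the original announcement or the OpenVZ project's tooling. It assumes the kernel release string (as printed by `uname -r`) embeds the OpenVZ build as `028stab<major>.<minor>`; the function name `check_release` and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed build
# named in this announcement (028stab121.1).
FIXED_MAJOR=121
FIXED_MINOR=1

# check_release RELEASE
# Prints one of:
#   patched      build is 028stab121.1 or newer
#   outdated     build is an older 028stab build (e.g. 028stab120.3)
#   not-028stab  no 028stab build token found (not an OpenVZ RHEL5 kernel)
# Assumption: the build appears in the string as "028stab<major>.<minor>".
check_release() {
    # Extract "<major> <minor>" from the 028stab token, if present.
    build=$(printf '%s\n' "$1" |
        sed -n 's/.*028stab\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$build" ]; then
        echo "not-028stab"
        return 0
    fi
    # Split the two numbers into positional parameters (function-local).
    set -- $build
    major=$1
    minor=$2
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo "patched"
    else
        echo "outdated"
    fi
}

# Constructed sample release strings; on a real host pass "$(uname -r)".
for rel in \
    "2.6.18-416.el5.028stab120.3" \
    "2.6.18-417.el5.028stab121.1" \
    "2.6.18-417.el5.028stab121.1PAE" \
    "3.10.0-514.el7.x86_64"
do
    printf '%-34s %s\n' "$rel" "$(check_release "$rel")"
done
```

An "outdated" result means the host is still running a build that predates the fixes listed in this announcement and needs the new kernel installed and a reboot into it.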