
List:       openvz-announce
Subject:    [Announce] Kernel RHEL5 028stab121.1
From:       Vasily Averin <vvs () openvz ! org>
Date:       2017-02-06 7:53:23
Message-ID: 7dc9c48c-42c2-20e6-6f08-a00f5c468bab () virtuozzo ! com

The OpenVZ project released an updated RHEL5-based kernel.
Read below for more information. Everyone is advised to update.

Changes and Download
====================
(since 028stab120.3)

* Rebase to RHEL5 kernel 2.6.32-417.el5
* A use-after-free vulnerability was found in the kernel's socket recvmmsg
  subsystem. This may allow remote attackers to corrupt memory and may allow
  execution of arbitrary code. This corruption takes place during the error
  handling routines within the __sys_recvmmsg() function.
  (CVE-2016-7117, Important)
* It was found that stacking a file system over procfs in the Linux kernel
  could lead to a kernel stack overflow due to deep nesting, as demonstrated
  by mounting ecryptfs over procfs and creating a recursion by mapping
  /proc/environ. An unprivileged, local user could potentially use this flaw
  to escalate their privileges on the system. (CVE-2016-1583, Important)
* An integer overflow flaw was found in the way the Linux kernel's Frame
  Buffer device implementation mapped kernel memory to user space via the
  mmap syscall. A local user able to access a frame buffer device file
  (/dev/fb*) could possibly use this flaw to escalate their privileges on the
  system. (CVE-2013-2596, Important)
* It was found that the Xen hypervisor x86 CPU emulator implementation did
  not correctly handle certain instructions with segment overrides,
  potentially resulting in a memory corruption. A malicious guest user could
  use this flaw to read arbitrary data relating to other guests, cause a
  denial of service on the host, or potentially escalate their privileges on
  the host. (CVE-2015-2151, Important)

For more info and downloads, see:
https://openvz.org/Download/kernel/rhel5/028stab121.1

See also
========
https://rhn.redhat.com/errata/RHSA-2016-2962.html
https://rhn.redhat.com/errata/RHSA-2016-2124.html
https://rhn.redhat.com/errata/RHBA-2016-1782.html
https://rhn.redhat.com/errata/RHBA-2016-1393.html
https://rhn.redhat.com/errata/RHBA-2016-1024.html
https://rhn.redhat.com/errata/RHSA-2016-0450.html
https://www.redhat.com/security/data/cve/CVE-2016-7117.html
https://www.redhat.com/security/data/cve/CVE-2015-1583.html
https://www.redhat.com/security/data/cve/CVE-2013-2596.html
https://www.redhat.com/security/data/cve/CVE-2015-2151.html

Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.

Regards,
    OpenVZ team
_______________________________________________
Announce mailing list
Announce@openvz.org
https://lists.openvz.org/mailman/listinfo/announce

