Resolution
------------------------------------------------------------------------
Synopsis:   New Virtuozzo 3.0 kernel provides an important security fix
            for the x86_64 architecture and several driver updates.
Issue date: 2007-10-01
Product:    Virtuozzo 3.0
Keywords:   security, driver update
------------------------------------------------------------------------
This document provides information on the new Virtuozzo 3.0 kernel,
version 2.6.9-023stab044.11.

(c) SWsoft, 2007. All rights reserved.
------------------------------------------------------------------------
TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List
------------------------------------------------------------------------
1. ABOUT THIS RELEASE

The current update for the Virtuozzo 3.0 kernel provides an important
security fix for the x86_64 architecture, several driver updates, and a
number of other fixes.
------------------------------------------------------------------------
2. UPDATES DESCRIPTION

The updated Virtuozzo 3.0 kernel includes the fix for the following
security vulnerability:

- [x86_64]: A flaw was found in the IA32 system call emulation provided
  on AMD64 and Intel 64 platforms. An improperly validated 64-bit value
  could be stored in the %RAX register, which could trigger an
  out-of-bounds system call table access. An untrusted local user could
  exploit this flaw to run code in the kernel (i.e. a root privilege
  escalation) (CVE-2007-4573).

The updated Virtuozzo 3.0 kernel includes the fix for the following
issue:

- Incorrect and confusing messages about the Virtuozzo license alleged
  expiration (the VEs are not stopped).

The updated Virtuozzo 3.0 kernel includes several updated drivers:

- Areca RAID Controller driver (arcmsr driver 1.20.0X.14 version,
  memory leak fix)
- RealTek RTL8169s/8110s Gigabit Ethernet driver (r8169 driver
  2.2LK-NAPI version, new devices support)

Besides, the new Virtuozzo 3.0 kernel includes the following
improvements:

- The kernel has been rebased on the 2.6.9-55.0.2.EL4 Red Hat kernel.
- The support for RAID Level 6 has been added.

We highly recommend that all Virtuozzo 3.0 users update their kernel to
the latest version.
------------------------------------------------------------------------
3. BUGS FIXED

The following bugs from the previous release have been fixed in the new
Virtuozzo 3.0 kernel:

- #92166: [x86_64]: Zero extend all registers after ptrace in 32bit
  entry path (CVE-2007-4573).
- #83557: A race between parallel readings from /proc/vz/hwid, which
  can lead to a wrong hwid detection.
- #87569: Memory leaks in 'arcmsr' driver when using Areca CLI
  monitoring utility.
- #19950: The support for Realtek RTL8111/8168B PCI Express Gigabit
  Ethernet controller should be added.
- #87220: The support for RAID Level 6 should be added.

The following OpenVZ bug has been fixed:

- #632: Per-user/group disk quota doesn't work inside a VE.
------------------------------------------------------------------------
4. OBTAINING NEW KERNEL

You can get this kernel update in one of the following ways:

- You can download the update from ftp://downloads.swsoft.com. If you
  do not have an ftp account, please contact pavel@swsoft.com.
- You can download and install the update by using the vzup2date
  utility included in the Virtuozzo 3.0 distribution set.
------------------------------------------------------------------------
5. INSTALLING NEW KERNEL

To install the update, you should perform the following operations:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo
   modules.

   # rpm -ivh vzkernel-smp-2.6.9-023stab044.11.i686.rpm \
         vzmodules-smp-2.6.9-023stab044.11.i686.rpm
   Preparing...       ################################# [100%]
      1:vzkernel-smp  ################################# [50%]
      2:vzmodules-smp ################################# [100%]

   Please DO NOT USE the "rpm -Uhv" command to install the kernel.
   Otherwise, all the kernels previously installed on your system may
   be removed from the Hardware Node.

II. You can adjust your boot loader configuration file to have the new
    kernel loaded by default. If you use the LILO bootloader, please do
    not forget to execute the 'lilo' command to write the changes to
    the boot sector:

    # lilo
    Added Virtuozzo2 *
    Added Virtuozzo1
    Added linux
    Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot
     the new kernel.
------------------------------------------------------------------------
6. REQUIRED RPMS

Depending on the kind of processor on your Hardware Node, the following
RPM packages are included in the kernel update:

x86 kernels:

- Uniprocessor:
    vzkernel-2.6.9-023stab044.11.i686.rpm
    vzmodules-2.6.9-023stab044.11.i686.rpm
- SMP:
    vzkernel-smp-2.6.9-023stab044.11.i686.rpm
    vzmodules-smp-2.6.9-023stab044.11.i686.rpm
- Enterprise:
    vzkernel-enterprise-2.6.9-023stab044.11.i686.rpm
    vzmodules-enterprise-2.6.9-023stab044.11.i686.rpm
- Enterprise with the 4GB split feature disabled:
    vzkernel-entnosplit-2.6.9-023stab044.11.i686.rpm
    vzmodules-entnosplit-2.6.9-023stab044.11.i686.rpm

x86_64 kernels:

- Uniprocessor:
    vzkernel-2.6.9-023stab044.11.x86_64.rpm
    vzmodules-2.6.9-023stab044.11.x86_64.rpm
- SMP:
    vzkernel-smp-2.6.9-023stab044.11.x86_64.rpm
    vzmodules-smp-2.6.9-023stab044.11.x86_64.rpm

ia64 kernel:

    vzkernel-2.6.9-023stab044.11.ia64.rpm
    vzmodules-2.6.9-023stab044.11.ia64.rpm
------------------------------------------------------------------------
7. REFERENCE LIST

The following references have been used in this document:

- https://rhn.redhat.com/errata/RHSA-2007-0937.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4573
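
Added illustration, not part of the SWsoft release notes and not kernel code: a user-space C model of the flaw class described in section 2 and of the fix named in bug #92166 (zero-extending the register before it is used). The table, the function names and the sample values are constructed for this example; the flawed lookup only reports the index it would use and never performs the out-of-bounds load.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model of a 32-bit call dispatcher. */
#define NR_CALLS 4
#define ERR_NOSYS (-38L)               /* value of -ENOSYS on Linux */

typedef long (*call_fn)(void);
static long call0(void) { return 100; }
static long call1(void) { return 101; }
static long call2(void) { return 102; }
static long call3(void) { return 103; }
static const call_fn table[NR_CALLS] = { call0, call1, call2, call3 };

typedef struct { int accepted; uint64_t index; } lookup;

/* Flawed pattern: the bounds check sees only the low 32 bits, but the
 * full 64-bit register value is what would index the table. */
static lookup check_low32_only(uint64_t rax) {
    lookup r = { 0, 0 };
    if ((uint32_t)rax >= NR_CALLS) return r;
    r.accepted = 1;
    r.index = rax;                     /* upper 32 bits never validated */
    return r;
}

/* Fixed pattern: zero-extend first, then check and index the same value. */
static lookup check_zero_extended(uint64_t rax) {
    lookup r = { 0, 0 };
    rax = (uint32_t)rax;               /* discard the upper 32 bits */
    if (rax >= NR_CALLS) return r;
    r.accepted = 1;
    r.index = rax;
    return r;
}

static int index_in_bounds(lookup r) { return r.accepted && r.index < NR_CALLS; }

/* Safe dispatcher built on the fixed check. */
static long dispatch(uint64_t rax) {
    lookup r = check_zero_extended(rax);
    return r.accepted ? table[r.index]() : ERR_NOSYS;
}

int main(void) {
    const uint64_t samples[] = { 2, 7, 0x100000002ULL };  /* constructed */
    for (int i = 0; i < 3; i++) {
        lookup f = check_low32_only(samples[i]);
        printf("rax=%#llx flawed: accepted=%d in_bounds=%d; fixed: %ld\n",
               (unsigned long long)samples[i], f.accepted,
               index_in_bounds(f), dispatch(samples[i]));
    }
    return 0;
}
```

For the third sample the flawed check accepts the value while the index it would use lies outside the table; after zero extension the same register content resolves to entry 2.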