CU-2.6.18-028stab053.6

Article ID: 3950 
Last Review: Feb 14, 2008
APPLIES TO:
  • Parallels Virtuozzo Containers for Linux

RESOLUTION

--------------------------------------------------------------------------------
Synopsis: New Parallels Virtuozzo Containers 4.0 kernel provides
security updates and some other important fixes.
Issue date: 2008-02-12
Product: Parallels Virtuozzo Containers 4.0
Keywords: security updates, stability fixes
--------------------------------------------------------------------------------

This document provides information on the new Virtuozzo Containers 4.0 kernel,
version 2.6.18-028stab053.6.

(c) Parallels, 2008. All rights reserved.

--------------------------------------------------------------------------------

TABLE OF CONTENTS

1. About This Release
2. Updates Description
3. Bugs Fixed
4. Obtaining New Kernel
5. Installing New Kernel
6. Required RPMs
7. Reference List

--------------------------------------------------------------------------------

1. ABOUT THIS RELEASE

The current update for the Virtuozzo Containers 4.0 kernel provides a new kernel
based on the Red Hat 5 kernel (2.6.18-53.1.6.EL5). The updated kernel includes a
number of security updates and important stability fixes.

--------------------------------------------------------------------------------

2. UPDATES DESCRIPTION

The updated Virtuozzo Containers 4.0 kernel includes a fix for the following
security vulnerability:

- A missing user pointer access verification in the splice code allows a local
non-root user to gain root permissions on both Linux and Virtuozzo Containers
kernels (CVE-2008-0600).


In addition, the new Virtuozzo Containers 4.0 kernel includes the following
improvements:

- The kernel has been re-based on the 2.6.18-53.1.6.EL5 Red Hat kernel.

- The "fs.fsync-enable" sysctl has been added, which makes it possible to
disable fsync() calls inside Containers on a Hardware Node. Disabling these
calls may increase the performance of some applications (e.g. mail servers),
but the system becomes more vulnerable to power outages.


We highly recommend that all Parallels Virtuozzo Containers 4.0 users update
their kernel to the latest version.

--------------------------------------------------------------------------------

3. BUGS FIXED

The following bugs from the previous release have been fixed in the new
Virtuozzo Containers 4.0 kernel:

- #98867: A missing user pointer access verification in splice code
(CVE-2008-0600).

- #98914: A sysctl to disable fsync() inside Containers should be added.

The following OpenVZ bugs have been fixed:

- #814: A kernel oops due to splice code vulnerability (CVE-2008-0600).

--------------------------------------------------------------------------------

4. OBTAINING NEW KERNEL

You can get this kernel update in one of the following ways:

- You can download the update from ftp://downloads.swsoft.com.
If you do not have an ftp account, please contact pavel@parallels.com.

- You can download and install the update by using the vzup2date utility
included in the Parallels Virtuozzo Containers 4.0 distribution set.

--------------------------------------------------------------------------------

5. INSTALLING NEW KERNEL

To install the update, you should perform the following operations:

I. Use the "rpm -ihv" command to install the new kernel and Virtuozzo modules.

# rpm -ivh vzkernel-2.6.18-028stab053.6.i686.rpm \
vzmodules-2.6.18-028stab053.6.i686.rpm
Preparing... ################################# [100%]
1:vzkernel ################################# [50%]
2:vzmodules ################################# [100%]

Please DO NOT USE the "rpm -Uhv" command to install the kernel. Otherwise,
all the kernels previously installed on your system may be removed from
the Hardware Node.

II. You can adjust your boot loader configuration file to have the new kernel
loaded by default. If you use the LILO bootloader, please do not forget to
execute the 'lilo' command to write the changes to the boot sector:

# lilo
Added Virtuozzo2 *
Added Virtuozzo1
Added linux
Added linux-up

III. Reboot your computer with the "shutdown -r now" command to boot the new
kernel.
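
After the reboot, it is worth confirming that the Hardware Node is actually
running the fixed build and not an older kernel still selected in the boot
loader. The script below is an added example, not part of the original Parallels
article. The function name classify_release is hypothetical, and the release
format <base>-<branch>stab<build>.<minor> with an optional flavour suffix is an
assumption drawn from the package names listed in this document.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed build
# named in this advisory (2.6.18-028stab053.6).

FIXED_BASE="2.6.18"     # upstream base version of the fixed kernel
FIXED_BRANCH="028"      # Virtuozzo branch number (the part before "stab")
FIXED_BUILD=53          # build number after "stab" (leading zero dropped)
FIXED_MINOR=6           # minor number after the dot

# classify_release RELEASE
# Prints "fixed"    if RELEASE is the advisory build or a later one,
#        "outdated" if it is an older build on the same base and branch,
#        "unknown"  if it is not a 2.6.18-028stab* release at all.
classify_release() {
    # Assumed format: <base>-<branch>stab<build>.<minor>[suffix]
    # The 0* groups strip leading zeros so "053" compares as decimal 53.
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9.]*\)-\([0-9][0-9]*\)stab0*\([0-9][0-9]*\)\.0*\([0-9][0-9]*\).*$/\1 \2 \3 \4/p')
    if [ -z "$parsed" ]; then
        echo unknown
        return 0
    fi
    # Split the four captured fields into $1..$4 (local to this function).
    set -- $parsed
    if [ "$1" != "$FIXED_BASE" ] || [ "$2" != "$FIXED_BRANCH" ]; then
        echo unknown
    elif [ "$3" -gt "$FIXED_BUILD" ]; then
        echo fixed
    elif [ "$3" -eq "$FIXED_BUILD" ] && [ "$4" -ge "$FIXED_MINOR" ]; then
        echo fixed
    else
        echo outdated
    fi
    return 0
}

# Report on the running kernel, then on two constructed sample strings.
running=$(uname -r)
echo "running kernel $running: $(classify_release "$running")"
for sample in 2.6.18-028stab053.6 2.6.18-028stab053.5; do
    echo "sample $sample: $(classify_release "$sample")"
done
```

A result of "unknown" means the string could not be compared with this
advisory, not that the kernel is safe.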

--------------------------------------------------------------------------------

6. REQUIRED RPMS

Depending on the kind of processor on your Hardware Node, the following RPM
packages are included in the kernel update:

x86 kernels:

- SMP:
vzkernel-2.6.18-028stab053.6.i686.rpm
vzmodules-2.6.18-028stab053.6.i686.rpm

- Enterprise:
vzkernel-ent-2.6.18-028stab053.6.i686.rpm
vzmodules-ent-2.6.18-028stab053.6.i686.rpm

- Enterprise with the 4GB split feature disabled:
vzkernel-PAE-2.6.18-028stab053.6.i686.rpm
vzmodules-PAE-2.6.18-028stab053.6.i686.rpm


x86_64 kernels:

- SMP:
vzkernel-2.6.18-028stab053.6.x86_64.rpm
vzmodules-2.6.18-028stab053.6.x86_64.rpm

ia64 kernel:
vzkernel-2.6.18-028stab053.6.ia64.rpm
vzmodules-2.6.18-028stab053.6.ia64.rpm

--------------------------------------------------------------------------------

7. REFERENCE LIST

The following references have been used in this document:

- https://rhn.redhat.com/errata/RHSA-2008-0089.html

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600

Keywords: update
