From OpenVZ Virtuozzo Containers Wiki


Since 042stab075.2:

  • [security] A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important)
  • [security] A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
  • [nfs] a redundant clear_inode() call led to memory corruption, which in turn led to a kernel panic (PSBM-18863)
  • [sunrpc] a forgotten socket write lock when an rpc_task exits early caused all operations on an NFS volume to hang (PCLIN-31604)
  • [tmpfs] avoid a crash on remount without the mpol= mount option by not releasing the mempolicy if shmem_parse_options() doesn't create a new mpol (PSBM-18650)
  • [ext4] a container should not be able to remount ploop with the mount option 'errors=panic'
  • [fs] forbid filesystem mount options (on remount inside a CT) if a whitelist was not provided
  • [cpt] a 64-bit child process of a 32-bit parent should report the x86_64 arch even after vzreboot/online migration. In particular, this fixes Plesk functioning after vzreboot/online migration (PSBM-18085)
  • [cpt] if the parent process has PER_LINUX32 and the child has 0, this should stay the same after cpt/rst. Before this fix, a cpt/rst cycle set PER_LINUX32 in both processes
  • [pfcache] hide the mount options 'pfcache_csum' and 'pfcache' inside a CT. They are useless inside a CT anyway and produce kernel warnings on remounts (PSBM-18807)
  • [nfs/quota] fixed crash on a kernel compiled without NFS quota
  • [scheduler] the effective cpulimit could sometimes be lower than assigned (PSBM-17399)
  • [fs/nfsd] fixed mnt_{get/drop} balance; the imbalance could cause random memory corruption (#2506)