Difference between revisions of "News/updates"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(042stab113.18 to -testing)
(042stab113.21 to -testing)
Line 22: Line 22:
 
<startFeed />
 
<startFeed />
 
<!-- *DO NOT REMOVE THIS LINE* new news should go here -->
 
<!-- *DO NOT REMOVE THIS LINE* new news should go here -->
 +
 +
== Kernel RHEL6 testing 042stab113.21 ==
 +
 +
* Missing bounds check in ipt_entry structure in netfilter. (PSBM-45193, CVE-2016-3134)
 +
* IPv6 connect could cause DoS via NULL pointer dereference (PSBM-45219, CVE-2015-8543)
 +
* Pipe buffer state corruption after unsuccessful atomic read from pipe (PSBM-45328, CVE-2016-0774)
 +
* hostapd was broken in early RHEL6.7 kernels. (OVZ-6649)
 +
 +
{{Download link|kernel/rhel6-testing/042stab113.21}}
 +
 +
--[[User:Sergey Bronnikov|SergeyB]] ([[User talk:Sergey Bronnikov|talk]]) 05:47, 29 March 2016 (EDT)
  
 
== Kernel RHEL6 testing 042stab113.18 ==
 
== Kernel RHEL6 testing 042stab113.18 ==

Revision as of 09:47, 29 March 2016


Kernel RHEL6 testing 042stab113.21

  • Missing bounds check in ipt_entry structure in netfilter. (PSBM-45193, CVE-2016-3134)
  • IPv6 connect could cause DoS via NULL pointer dereference (PSBM-45219, CVE-2015-8543)
  • Pipe buffer state corruption after unsuccessful atomic read from pipe (PSBM-45328, CVE-2016-0774)
  • hostapd was broken in early RHEL6.7 kernels. (OVZ-6649)

[ Change log/downloads... ]

--SergeyB (talk) 05:47, 29 March 2016 (EDT)

Kernel RHEL6 testing 042stab113.18

  • bonding: Prevent IPv6 link local address on enslaved devices (PSBM-42433)
  • kswap activity restriction in case high-order requests (PSBM-44291)
  • force charge swapin readahead pages if in ub0 (PSBM-44857)

[ Change log/downloads... ]

--SergeyB (talk) 10:22, 14 March 2016 (EDT)

Kernel RHEL6 stable 042stab113.17

  • Crash in restore_one_vfsmount() on restoring shared non-master mounts. (PSBM-42471)
  • Introduced FADV_DEACTIVATE flag in fadvise() to be able to move file pages from the active to the inactive list. (PSBM-42664)
  • Race between keyctl_read() and keyctl_revoke() could crash the host. (PSBM-43799, CVE-2015-7550)
  • Under certain circumstances, backup/restore via CBT interface could hang the host. (PSBM-43936)
  • Second-level quota in simfs containers was broken in 042stab113.x kernels. (OVZ-6655)

[ Change log/downloads... ]

--SergeyB (talk) 06:37, 14 March 2016 (EDT)

Kernel RHEL6 testing 042stab113.17

  • Crash in restore_one_vfsmount() on restoring shared non-master mounts. (PSBM-42471)
  • Introduced FADV_DEACTIVATE flag in fadvise() to be able to move file pages from the active to the inactive list. (PSBM-42664)
  • Race between keyctl_read() and keyctl_revoke() could crash the host. (PSBM-43799, CVE-2015-7550)
  • Under certain circumstances, backup/restore via CBT interface could hang the host. (PSBM-43936)
  • Second-level quota in simfs containers was broken in 042stab113.x kernels. (OVZ-6655)

[ Change log/downloads... ]

--SergeyB (talk) 06:37, 14 March 2016 (EDT)

Kernel RHEL5 stable 028stab120.1

  • Rebase to RHEL5 kernel 2.6.32-408.el5
  • A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality (CVE-2015-5364, CVE-2015-5366)

[ Change log/downloads... ]

--SergeyB (talk) 07:30, 2 February 2016 (EST)

Kernel RHEL5 testing 028stab120.1

  • Rebase to RHEL5 kernel 2.6.32-408.el5
  • A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality (CVE-2015-5364, CVE-2015-5366)

[ Change log/downloads... ]

--SergeyB (talk) 04:30, 25 January 2016 (EST)

Kernel RHEL5 stable 028stab119.6

  • Improved accounting for network-related memory objects (PCLIN-32553)
  • Introduced a per-container limit for the number of mounts (PCLIN-32554)
  • Introduced a per-container limit for IPv4 network interface aliases (PCLIN-32555)

[ Change log/downloads... ]

--SergeyB (talk) 09:25, 3 January 2016 (EST)

Older updates