ChangesEdit
Since 042stab112.15:
- Rebase to RHEL6.7 2.6.32-573.8.1.el6 kernel and security fixes from 2.6.32-573.12.1.el6 kernel.
- Unauthorized access to IPC objects with SysV shm and msg. (CVE-2015-7613)
- Updated fix for keyrings crash triggerable by unprivileged user. (CVE-2015-7872)
- Crash in cgroup_release_agent() after container stop. (PSBM-34262)
- Unix socket was restored incorrectly after container resume. (PSBM-39774)
- Kernel panic when online-migrating a container with an active conntrack expectation from Virtuozzo Containers for Linux 4.6 (RHEL5) to RHEL6-based kernels. (PSBM-40287)
- WARNING in tty_ldisc_open() fixed (PSBM-41622)
- ip6_dst_cache entries should be charged inside container. (PSBM-42323)
- Introduced a per-container limit for IPv4 network interface aliases. (PSBM-42403)
- Improvements to memory reclaimer. (PSBM-40406)
- Crash on start of containers with the hidden PIDs feature enabled (kernel.pid_ns_hide_child=1). (OVZ-6568)
- Improvements to Docker inside CT support.
- Minor memory leak fixes and performance optimizations.