|
Based on
|
RHEL6 2.6.32
|
---|
Status
|
stable, maintained
|
---|
End Of Life
|
Nov 2019
|
---|
Latest
|
042stab145.3
|
---|
Archives
|
RHEL6
|
---|
Contents
Since 042stab075.2:
- [security] A flaw was found in the way the xen_iret() function in the Linux kernel used the DS (the CPU's Data Segment) register. A local, unprivileged user in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to crash the guest or, potentially, escalate their privileges. (CVE-2013-0228, Important)
- [security] A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
- [nfs] redundant clear_inode() led to a memory corruption, which led to the kernel panic (PSBM-18863)
- [sunrpc] forgotten socket write lock in case rpc_task exists early, this caused all operations on NFS volume to hang (PCLIN-31604)
- [tmpfs] avoid the crash by not releasing the mempolicy if shmem_parse_options() doesn't create a new mpol by remounting without mpol= mount option (PSBM-18650)
- [ext4] container should not be able to remount ploop with mount option 'errors=panic'
- [fs] forbid filesystem mount options (on remount inside a CT) if white list was not provided
- [cpt] 64bit child process of 32bit parent should report x86_64 arch even after vzreboot/online migration. This fixes Plesk functioning in particular after vzreboot/online migration (PSBM-18085)
- [cpt] if parent process has PER_LINUX32 and child has 0, it should stay the same way after cpt/rst. Before this fix cpt/rst cycle made PER_LINUX32 in both processes
- [pfcache] hide mount options 'pfcache_csum' and 'pfcache' inside a CT. They are useless inside a CT anyway and produces kernel warnings on remounts (PSBM-18807)
- [nfs/quota] fixed crash on a kernel compiled without NFS quota
- [scheduler] the effective cpulimit could be sometimes lower than assigned (PSBM-17399)
- [fs/nfsd] fixed mnt_{get/drop} balance, the imbalance could cause random memory corruptions (#2506)
x86 (i686, IA32)Edit
x86_64 (AMD64, EM64T)Edit
Source RPMEditKernel patchEdit
This patch is applicable to vanilla Linux 2.6.32 kernel (not to 2.6.32.y),
available from kernel.org.
Official configs of this OpenVZ kernel used to build binary RPMS.