Difference between revisions of "Download/kernel/rhel6/042stab116.1/changes"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(formatting fixes, slight rewording)
(links to OVZ issues)
Line 10: Line 10:
 
* Network devices that used the mainline veth driver did not check TCP checksums. (https://access.redhat.com/solutions/2216661)
 
* Network devices that used the mainline veth driver did not check TCP checksums. (https://access.redhat.com/solutions/2216661)
 
: (vethX interfaces of OpenVZ and VZ containers are not affected as they use a different driver. The affected veth driver was used inside Docker-ready containers or could be used by host admin for their own purposes)
 
: (vethX interfaces of OpenVZ and VZ containers are not affected as they use a different driver. The affected veth driver was used inside Docker-ready containers or could be used by host admin for their own purposes)
* Fix for kernel BUG at block/cfq-iosched.c:2806  (OVZ-6651)
+
* Fix for kernel BUG at block/cfq-iosched.c:2806  ({{OVZ|6651}})
 
* Fix for kernel crash inside pick_next_task_fair() (PSBM-44475)
 
* Fix for kernel crash inside pick_next_task_fair() (PSBM-44475)
* write to CIFS share hangs (OVZ-6642)
+
* write to CIFS share hangs ({{OVZ|6642}})
* ub memcg: fake use_hierarhy file is required for KVM's libvirtd (OVZ-6660)
+
* ub memcg: fake use_hierarhy file is required for KVM's libvirtd ({{OVZ|6660}})
 
* Warning at drivers/block/ploop/io_direct_map.c:841 trim_extent_mappings. (PSBM-45999)
 
* Warning at drivers/block/ploop/io_direct_map.c:841 trim_extent_mappings. (PSBM-45999)
* LDT entries were incorrectly restored from CPT image. (OVZ-6228)
+
* LDT entries were incorrectly restored from CPT image. ({{OVZ|6228}})
 
* some internal fixes
 
* some internal fixes
  

Revision as of 18:35, 13 September 2016

Changes

Since 042stab113.21:

  • Rebase to RHEL6 kernel 2.6.32-573.26.1.el6
  • ipv4: Don't do expensive useless work during inetdev destroy. (CVE-2016-3156, PSBM-42403)
(the issue was workarounded in 042stab113.11 kernel by adding per-container limit on using of ipv4 addresses; now the old workaround is replaced by a fix backported from mainline)
  • A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. (CVE-2015-5157)
  • A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service. (CVE-2015-8767)
  • NFS client with kernels 2.6.32-573.10.2.el6 or above could hang with 'not responding, still trying' messages and running processes in spinlock. (https://access.redhat.com/solutions/2215491)
  • Network devices that used the mainline veth driver did not check TCP checksums. (https://access.redhat.com/solutions/2216661)
(vethX interfaces of OpenVZ and VZ containers are not affected as they use a different driver. The affected veth driver was used inside Docker-ready containers or could be used by host admin for their own purposes)
  • Fix for kernel BUG at block/cfq-iosched.c:2806 (OVZ-6651)
  • Fix for kernel crash inside pick_next_task_fair() (PSBM-44475)
  • write to CIFS share hangs (OVZ-6642)
  • ub memcg: fake use_hierarhy file is required for KVM's libvirtd (OVZ-6660)
  • Warning at drivers/block/ploop/io_direct_map.c:841 trim_extent_mappings. (PSBM-45999)
  • LDT entries were incorrectly restored from CPT image. (OVZ-6228)
  • some internal fixes

See also