Parallels Cloud Server

Parallels Cloud Server 6.0 Update2 Hotfix4 is now available (6.0.0-1081)

Tue, 14 May 2013 22:08:00 +0400

APPLIES TO:

Parallels Cloud Server 6.0

1. Topic:

The current update for the Parallels Cloud Server 6.0 kernel provides a new

kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.22.1.el6).

The updated kernel includes a fix for critical security issue.

2. Update description:

This update contains fixes for the following security issue:

* A flaw was found in the way perf array index was sanitized.

A local unprivileged user can use this flaw to increase their privileges

on the system. (CVE-2013-2094)

Parallels Server Bare Metal 5.0 CU-2.6.32-042stab076.8 is now available

Tue, 14 May 2013 22:12:00 +0400

APPLIES TO:

Parallels Server Bare Metal 5.0

1. Topic:

The current update for the Parallels Server Bare Metal 5.0 kernel provides a

new kernel based on the Red Hat Enterprise Linux 6.3 kernel

(2.6.32-279.22.1.el6). The updated kernel includes a fix for critical security

issue.

2. Update description:

This update contains fixes for the following security issue:

* A flaw was found in the way perf array index was sanitized.

A local unprivileged user can use this flaw to increase their privileges

on the system. (CVE-2013-2094)

Parallels Server Bare Metal 5.0 CU-2.6.32-042stab076.7 is now available

Mon, 29 Apr 2013 16:19:00 +0400

APPLIES TO:

Parallels Server Bare Metal 5.0

1. Topic:

The current update for the Parallels Server Bare Metal 5.0 kernel provides a

new kernel based on the Red Hat Enterprise Linux 6.3 kernel

(2.6.32-279.22.1.el6). The updated kernel includes a number of security

and stability fixes.

2. Update description:

* An integer overflow flaw, leading to a heap-based buffer overflow, was

found in the way the Intel i915 driver in the Linux kernel handled the

allocation of the buffer used for relocation copies. A local user with

console access could use this flaw to cause a denial of service or escalate

their privileges. (CVE-2013-0913, Important)

* A buffer overflow flaw was found in the way UTF-8 characters were

converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's

FAT file system implementation. A local user able to mount a FAT file system

with the "utf8=1" option could use this flaw to crash the system or,

potentially, to escalate their privileges. (CVE-2013-1773, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer

dereference, was found in the key management facility. A local, unprivileged

user could use this flaw to cause a denial of service. (CVE-2013-1792,

Moderate)

* A NULL pointer dereference in the XFRM implementation could allow a local

user who has the CAP_NET_ADMIN capability to cause a denial of service.

(CVE-2013-1826, Moderate)

* A NULL pointer dereference in the Datagram Congestion Control Protocol

(DCCP) implementation could allow a local user to cause a denial of service.

(CVE-2013-1827, Moderate)

* Information leak flaws in the XFRM implementation could allow a local

user who has the CAP_NET_ADMIN capability to leak kernel stack memory to

user space. (CVE-2012-6537, Low)

* Two information leak flaws in the Asynchronous Transfer Mode (ATM)

subsystem could allow a local, unprivileged user to leak kernel stack memory

to user space. (CVE-2012-6546, Low)

* An information leak was found in the TUN/TAP device driver in the

networking implementation. A local user with access to a TUN/TAP virtual

interface could use this flaw to leak kernel stack memory to user space.

(CVE-2012-6547, Low)

* An information leak in the Bluetooth implementation could allow a local

user who has the CAP_NET_ADMIN capability to leak kernel stack memory to

user space. (CVE-2013-0349, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local user

able to mount and unmount a tmpfs file system could use this flaw to cause a

denial of service or, potentially, escalate their privileges.

(CVE-2013-1767, Low)

* A NULL pointer dereference was found in the Linux kernel's USB Inside Out

Edgeport Serial Driver implementation. An attacker with physical access to a

system could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

* An ext4 file system resize by a small value could cause a kernel panic.

(PSBM-19624)

Parallels Cloud Server 6.0 Update2 Hotfix3 is now available (6.0.0-1080)

Mon, 29 Apr 2013 16:19:00 +0400

APPLIES TO:

Parallels Cloud Server 6.0

1. Topic:

The current update for the Parallels Cloud Server 6.0 kernel provides a new

kernel based on the Red Hat Enterprise Linux 6.3 kernel (2.6.32-279.22.1.el6).

The updated kernel includes a number of security and stability fixes.