Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 520228 - <sys-kernel/openvz-sources-2.6.32.92.3: multiple vulnerabilities
Summary: <sys-kernel/openvz-sources-2.6.32.92.3: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/60761/
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-19 06:36 UTC by Agostino Sarubbo
Modified: 2016-11-25 00:51 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-08-19 06:36:14 UTC 
From ${URL} :

Description

OpenVZ has issued an update for kernel. This fixes multiple vulnerabilities, 
which can be exploited by malicious, local users to cause a DoS (Denial of 
Service) and by malicious people to cause a DoS.

For more information:
SA57284
SA57424
SA57468
SA57862
SA58569
SA59361 (#1)


Solution:
Update kernel branch RHEL6 to 042stab093.4.

Original Advisory:
OpenVZ:
http://wiki.openvz.org/Download/kernel/rhel6/042stab093.4


@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-25 00:05:25 UTC 
This was fixed upstream via version 042stab092.3 which hit tree via https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-kernel/openvz-sources/openvz-sources-2.6.32.92.3.ebuild?hideattic=0&view=markup

First current stable version in repository is =sys-kernel/openvz-sources-2.6.32.108.5 and no vulnerable version left. So nothing left to do for us.


@ Security: Please vote!
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-11-25 00:51:57 UTC 
GLSA Vote: No