Bug 508010 - <sys-kernel/openvz-sources- : multiple vulnerabilities (CVE-2014-2523)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [noglsa]
Reported: 2014-04-18 13:48 UTC by Agostino Sarubbo
Modified: 2014-08-10 21:58 UTC (History)
Description Agostino Sarubbo gentoo-dev 2014-04-18 13:48:36 UTC
From ${URL} :


OpenVZ has issued an update for kernel. This fixes some weaknesses and multiple vulnerabilities, which can 
be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by 
malicious, local users to disclose potentially sensitive information, cause a DoS or potentially gain 
escalated privileges, and by malicious people to cause a DoS.

For more information:

Update kernel branch RHEL6 to 042stab088.4.

Original Advisory:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2014-06-08 16:56:55 UTC

That said I've bumped 042stab090.3 to deal with CVE-2014-3153.
Comment 2 Andreis Vinogradovs ( slepnoga ) 2014-06-09 07:01:31 UTC
Peter, please start the stabilization process (on x86 and amd64)
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2014-06-17 06:06:42 UTC
+  17 Jun 2014; Peter Volkov <>
+  -openvz-sources-, -openvz-sources-,
+  -openvz-sources-, openvz-sources-
+  x86/amd64 stable, security bug #508010 and bug #513084 wrt Andreis
+  Vinogradovs ( slepnoga ) and Agostino Sarubbo. Drop old.
Comment 4 Sergey Popov gentoo-dev 2014-06-19 06:47:05 UTC
Thanks, guys

Kernel package, closing as noglsa
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 21:58:18 UTC
CVE-2014-2523:
  net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6
  uses a DCCP header pointer incorrectly, which allows remote attackers to
  cause a denial of service (system crash) or possibly execute arbitrary code
  via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet,
  or (3) dccp_error function.