From ${URL} :

Description

OpenVZ has issued an update for kernel. This fixes some weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by malicious, local users to disclose potentially sensitive information, cause a DoS or potentially gain escalated privileges, and by malicious people to cause a DoS.

For more information:
SA56878
SA57594

Solution:
Update kernel branch RHEL6 to 042stab088.4.

Original Advisory:
OpenVZ: http://wiki.openvz.org/Download/kernel/rhel6/042stab088.4

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
042stab088.4. That said I've bumped 042stab090.3 to deal with CVE-2014-3153.
Peter, please start stabilization process (on x86 and amd64)
+ 17 Jun 2014; Peter Volkov <pva@gentoo.org> + -openvz-sources-2.6.32.85.20.ebuild, -openvz-sources-2.6.32.88.4.ebuild, + -openvz-sources-2.6.32.90.2.ebuild, openvz-sources-2.6.32.90.3.ebuild: + x86/amd64 stable, security bug #508010 and bug #513084 wrt Andreis + Vinogradovs ( slepnoga ) and Agostino Sarubbo. Drop old.
Thanks, guys.

Kernel package, closing as noglsa.
CVE-2014-2523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2523): net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.