From ${URL} : Description OpenVZ has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA59029 Solution: Update kernel branch RHEL6 to 042stab090.3. Original Advisory: http://wiki.openvz.org/Download/kernel/rhel6/042stab090.3
+ 17 Jun 2014; Peter Volkov <pva@gentoo.org> + -openvz-sources-2.6.32.85.20.ebuild, -openvz-sources-2.6.32.88.4.ebuild, + -openvz-sources-2.6.32.90.2.ebuild, openvz-sources-2.6.32.90.3.ebuild: + x86/amd64 stable, security bug #508010 and bug #513084 wrt Andreis + Vinogradovs ( slepnoga ) and Agostino Sarubbo. Drop old.
Thanks, guys Kernel package, thus - noglsa
CVE-2014-3153 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3153): The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
