The currently stable Gentoo ebuild openvz-sources-2.6.32.78.26 has a security problem and was replaced by openvz-sources-2.6.32.78.27
http://wiki.openvz.org/Download/kernel/rhel6/042stab078.27
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2224
Please bump asap
Thanks
@pva, could you confirm the issue?
(In reply to Agostino Sarubbo from comment #1)
> @pva, could you confirm the issue?
I'm not pva ;), but yes, I confirm this; I plan to bump it this weekend.
2.6.32.78.28 is in tree now, let's stabilize it
Target keywords: amd64 x86
amd64/x86 stable.
Kernels don't get GLSAs. Closing.
CVE-2013-2224 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2224): A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.