[Ksplice][Virtuozzo 4.7 Updates] New Ksplice updates for Virtuozzo 4.7 or OpenVZ on RHEL 6 (042stab134.7)

[Oracle Ksplice]

Synopsis: 042stab134.7 can now be patched using Ksplice

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 042stab134.7.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Virtuozzo 4.7
or OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Buffer overrun when resizing ext4 block group.

When resizing an ext4 block group, insufficient memory is allocated to
hold the block group's metadata, resulting in a potential buffer
overrun. Mounting a maliciously crafted ext4 image might result in
memory corruption or a denial-of-service.


* Memory corruption in ploop Kernel Asynchronous I/O block allocation.

When allocating a Kernel Asynchronous I/O block allocation for a ploop
disk loopback device, the allocation might not leave headroom for the
cluster log, potentially resulting in memory corruption or a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.