Important kernel security update: new kernel 2.6.18-028stab122.1 for Virtuozzo Containers for Linux 4.6¶

1. Overview¶

This update provides a new Virtuozzo Containers for Linux 4.6 kernel 2.6.18-028stab122.1 based on the Red Hat Enterprise Linux 5 kernel 2.6.18-419.el5. This update is a rebase to a new Red Hat Enterprise Linux kernel. It provides security fixes inherited from the RHEL kernel and no internal fixes.

IMPORTANT: The security vulnerabilities mentioned in this advisory only affect the host but not the containers on it because DCCP is disabled in containers.

2. Security Fixes¶

• [Important] A use-after-free flaw was found in the way the Linux kernel’s Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)

• [Moderate] It was found that the Linux kernel’s Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. (CVE-2017-2634)

3. Installing the Update¶

Install the update with the ‘vzup2date’ utility included in the Virtuozzo Containers for Linux 4.6 distribution.

4. References¶

• https://www.redhat.com/security/data/cve/CVE-2017-6074.html

• https://www.redhat.com/security/data/cve/CVE-2017-2634.html

• https://rhn.redhat.com/errata/RHSA-2017-0323.html

• https://rhn.redhat.com/errata/RHBA-2017-0274.html

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-016.json.