Kernel security update: new kernel 2.6.32-042stab120.20, Virtuozzo 6.0 Update 12 Hotfix 6 (6.0.12-3673)

Issue date: 2017-03-20

Applies to: Virtuozzo 6.0

Virtuozzo Advisory ID: VZA-2017-019

1. Overview

This update provides the new Virtuozzo 6.0 kernel 2.6.32-042stab120.20 based on the Red Hat Enterprise Linux 6.8 kernel 2.6.32-642.6.1.el6. The new kernel provides a security fix.

2. Security Fixes

  • [Moderate] A flaw was discovered in the Linux kernel’s key subsystem. Invoking the request_key() system call with a specially crafted set of arguments could result in a NULL-pointer dereference inside the search_keyring() function. A local unprivileged user could use this vulnerability to crash the system. The vulnerability could be exploited from inside containers. (CVE-2017-2647)

3. Installing the Update

Install the update by running ‘yum update’.

4. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-019.json.