Kernel security update: CVE-2017-7472; new kernel 2.6.32-042stab123.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

Issue date: 2017-04-27

Applies to: Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

Virtuozzo Advisory ID: VZA-2017-030

1. Overview

This update provides a new kernel 2.6.32-042stab123.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides a security fix and stability bug fixes.

2. Security Fixes

  • [Moderate] It was found that keyctl_set_reqkey_keyring() function leaked thread keyring which could allow an unprivileged local user to exhaust kernel memory. (CVE-2017-7472)

3. Bug Fixes

  • net/packet: fix overflow in check for tp_frame_nr.

  • net/packet: fix overflow in check for tp_reserve.

4. Installing the Update

Install the update with the ‘vzup2date’ utility included in the distribution.

5. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-030.json.