Kernel security update: Virtuozzo ReadyKernel patch 23.0 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3¶
Issue date: 2017-06-22
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2017-052
The cumulative Virtuozzo ReadyKernel patch updated with a security fix and a stability bug fix. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3).
2. Security Fixes¶
[Moderate] A vulnerability was found in the signal handling in the Linux kernel. A local unprivileged user could cause a kernel crash (general protection fault) in the cleanup_timers() function by using the rt_tgsigqueueinfo() system call with a specially crafted set of arguments. (PSBM-67221)
3. Bug Fixes¶
Kernel crash (NULL pointer dereference) in list_lru_destroy() in certain conditions. (PSBM-67300)
4. Installing the Update¶
Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-052.json.