Kernel security update: CVE-2017-15274; new kernel 2.6.32-042stab125.5 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0¶
Issue date: 2017-10-23
Applies to: Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
Virtuozzo Advisory ID: VZA-2017-095
This update provides a new Virtuozzo Containers for Linux 4.7 kernel 2.6.32-042stab125.5 based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.2.el6. The new kernel introduces security and stability fixes.
2. Security Fixes¶
[Moderate] A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). (CVE-2017-15274)
3. Bug Fixes¶
Improved the hash function for IPv6 neighbours to increase system responsiveness under IPv6 flooding attacks. (PSBM-73496)
Stopping NFS server inside a container could cause the host to crash. (PSBM-74832)
4. Installing the Update¶
Install the update with the ‘vzup2date’ utility included in the distribution.
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-095.json.