Kernel security update: CVE-2017-15274; new kernel 2.6.32-042stab125.5 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

Issue date: 2017-10-23

Applies to: Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

Virtuozzo Advisory ID: VZA-2017-095

1. Overview

This update provides a new Virtuozzo Containers for Linux 4.7 kernel 2.6.32-042stab125.5 based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.2.el6. The new kernel introduces security and stability fixes.

2. Security Fixes

  • [Moderate] A flaw was found in the implementation of associative arrays where the add_key system call and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameter's value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). (CVE-2017-15274)

3. Bug Fixes

  • Improved the hash function for IPv6 neighbours to increase system responsiveness under IPv6 flooding attacks. (PSBM-73496)

  • Stopping the NFS server inside a container could cause the host to crash. (PSBM-74832)

4. Installing the Update

Install the update with the ‘vzup2date’ utility included in the distribution.
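
To confirm afterwards that a host is running the fixed kernel, the following check compares a kernel release string against 2.6.32-042stab125.5. It is an added example, not part of the Virtuozzo advisory or tooling; the function names are illustrative, and it assumes 'uname -r' reports the release in the same 2.6.32-042stabNNN.N form used above.

```shell
#!/bin/sh
# Added example (not from the advisory): is a kernel release at or above
# the fixed build? Function names here are illustrative.
FIXED_RELEASE="2.6.32-042stab125.5"   # kernel named in VZA-2017-095

# Print "<major> <minor>" of the stab number, e.g. "125 5".
# Returns 1 for anything that is not a 2.6.32-042stab release string.
vz_stab_parts() {
    case "$1" in
        2.6.32-042stab[0-9]*) ;;
        *) return 1 ;;
    esac
    rest=${1#2.6.32-042stab}
    major=${rest%%.*}
    case "$rest" in
        *.*) minor=${rest#*.}; minor=${minor%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    echo "$major ${minor:-0}"
}

# 0 = fixed build or newer, 1 = older build, 2 = unrecognised release.
vz_kernel_is_fixed() {
    have=$(vz_stab_parts "$1") || return 2
    want=$(vz_stab_parts "$FIXED_RELEASE") || return 2
    set -- $have $want            # $1.$2 = given build, $3.$4 = fixed build
    [ "$1" -gt "$3" ] && return 0
    [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ] && return 0
    return 1
}

# "--running" checks the booted kernel; an installed update only takes
# effect once the host has been rebooted into it.
if [ "${1:-}" = "--running" ]; then
    rc=0
    vz_kernel_is_fixed "$(uname -r)" || rc=$?
    case $rc in
        0) echo "OK: $(uname -r) includes the VZA-2017-095 fixes" ;;
        1) echo "OLD: $(uname -r) predates $FIXED_RELEASE" ;;
        *) echo "SKIP: $(uname -r) is not a 2.6.32-042stab kernel" ;;
    esac
fi
```

Run it with --running on each host after the update and reboot; a result of OLD means the host is still booted into a kernel without the CVE-2017-15274 fix.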

5. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-095.json.