Important kernel security update: CVE-2017-15649; Virtuozzo ReadyKernel patch 36.1 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3).

2. Security Fixes¶

• [Important] It was found that fanout_add() in ‘net/packet/af_packet.c’ in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. (CVE-2017-15649)

3. Installing the Update¶

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

4. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-36.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-36.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-36.1-1.vl7/

• https://access.redhat.com/security/cve/CVE-2017-15649

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-099.json.