Important kernel security update: CVE-2017-15649; Virtuozzo ReadyKernel patch 36.1 for Virtuozzo 7.0.4, 7.0.4 HF3, and 7.0.5¶
Issue date: 2017-10-30
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2017-100
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3), and 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5).
2. Security Fixes¶
[Important] It was found that fanout_add() in ‘net/packet/af_packet.c’ in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. (CVE-2017-15649)
3. Bug Fixes¶
Hung processes when trying to stop a container created on a storage partition. (PSBM-70021)
4. Installing the Update¶
Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-100.json.