Kernel security update: CVE-2017-12193; Virtuozzo ReadyKernel patch 37.1 for Virtuozzo 7.0.0, 7.0.1, 7.0.3, 7.0.4, and 7.0.4 HF3¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.37.1.vz7.18.7 (Virtuozzo 7.0.1), 3.10.0-327.37.1.vz7.20.18 (Virtuozzo 7.0.3), 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), and 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3).

2. Security Fixes¶

• [Moderate] A flaw was found in the implementation of associative arrays in the Linux kernel. A null pointer dereference could happen in assoc_array_apply_edit() due to incorrect node splitting. (CVE-2017-12193)

3. Bug Fixes¶

• sysinfo() returns 0 for uptime if called from a VZ7 container. (PSBM-62094)

• Each resize issues invalidate_inode_pages2(), which triggers ultra slow synchronous writeback of all dirty pages. (PSBM-76437)

4. Installing the Update¶

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-37.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-37.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-37.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-37.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-37.1-1.vl7/

• https://access.redhat.com/security/cve/CVE-2017-12193

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-101.json.