Kernel security update: CVE-2017-15265; new kernel 2.6.32-042stab126.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
Issue date: 2017-11-20
Applies to: Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
Virtuozzo Advisory ID: VZA-2017-106
1. Overview
This update provides a new Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 kernel 2.6.32-042stab126.1 based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.16.1.el6. The new kernel inherits several non-security bugfixes from the RHEL kernel (as we have already fixed the security ones) and introduces new security and stability fixes.
2. Security Fixes
[Moderate] A use-after-free vulnerability was found when issuing an ioctl to a sound device. A user could exploit a race condition to cause memory corruption or possibly escalate privileges. (CVE-2017-15265)
3. Bug Fixes
A warning observed when reading ‘/proc/vz/fairsched/*/cpu.proc.stat’, caused by the incorrectly calculated ‘iowait’ parameter, is now hidden. (PSBM-56083)
Container network interfaces (both venet and veth) did not show all dropped packets in the interface statistics. (PSBM-75049)
Under certain conditions, a node could crash while restoring a container with an active NFS mount. (PSBM-76898)
4. Installing the Update
Install the update with the ‘vzup2date’ utility included in the distribution.
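One way to confirm afterwards that a node runs the kernel named in this advisory or a later build of the same line. This is an added example, not part of the advisory or of Virtuozzo tooling; the function names and result words are hypothetical, and it assumes the kernel release string has the 2.6.32-042stabNNN.M form shown above.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed kernel
# named in VZA-2017-106. Function names and result words are hypothetical.
FIXED_RELEASE="2.6.32-042stab126.1"

# Print "<base> <branch> <stab> <minor>" for a release shaped like
# 2.6.32-042stab126.1; print nothing and fail for any other shape.
parse_vz_release() {
    printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]+\.[0-9]+\.[0-9]+)-([0-9]+)stab([0-9]+)\.([0-9]+)([^0-9].*)?$/\1 \2 \3 \4/p' |
        grep .
}

# Print fixed / outdated / unknown; exit status 0 / 1 / 2.
check_kernel() {
    cur=$(parse_vz_release "$1") || { echo unknown; return 2; }
    fix=$(parse_vz_release "$FIXED_RELEASE")
    # Word splitting is intended: both values are digits and dots only.
    set -- $cur $fix
    # Another base version or branch is not the kernel line this advisory covers.
    if [ "$1" != "$5" ] || [ "$2" != "$6" ]; then
        echo unknown; return 2
    fi
    # Compare stab number, then minor, numerically (so .10 is newer than .2).
    if awk -v a="$3" -v b="$4" -v c="$7" -v d="$8" \
        'BEGIN { exit !(a+0 > c+0 || (a+0 == c+0 && b+0 >= d+0)) }'; then
        echo fixed; return 0
    fi
    echo outdated; return 1
}
```

On a node, call `check_kernel "$(uname -r)"` after the update. A result of `unknown` means the running kernel is not a 2.6.32-042stab build, so the comparison does not apply.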
5. References
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-106.json.