Important kernel security update: CVE-2017-8824 and other; new kernel 2.6.32-042stab126.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0¶

1. Overview¶

This update provides a new Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 kernel 2.6.32-042stab126.2 based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.16.1.el6. The new kernel introduces security and stability fixes.

2. Security Fixes¶

• [Important] dccp_disconnect() set the socket state to DCCP_CLOSED but did not properly free some of the resources associated with that socket. This could result in a use-after-free and could potentially allow an attacker to escalate their privileges. (CVE-2017-8824)

• [Important] The Linux kernel is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system. (CVE-2017-16939)

3. Installing the Update¶

Install the update with the ‘vzup2date’ utility included in the distribution.

4. References¶

• https://access.redhat.com/security/cve/CVE-2017-8824

• https://access.redhat.com/security/cve/CVE-2017-16939

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-113.json.