Important kernel security update: Virtuozzo ReadyKernel patch 40.0 for Virtuozzo 7.0.6

Issue date: 2017-12-18

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-117

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernel 3.10.0-693.1.1.vz7.37.30 (Virtuozzo 7.0.6).

2. Security Fixes

  • [Important] Potential use-after-free in the processing of namespaces. (PSBM-78904)

3. Bug Fixes

  • The kernel could consider a container stopped before the resources of that container, for example, VEIP addresses, had been released. As a result, the system could fail to restart the container. (PSBM-78078)

  • A warning about the FR_PENDING bit was printed by request_end() because fuse_request_send_background() did not clear that bit. (PSBM-78342)

  • The vstorage service hung in wait_iff_congested() in some cases. As it turned out, the improvements to the splice() operation in FUSE (PSBM-77949) included in ReadyKernel patches v39.x were not enough to fix the issue. Excessive COMMIT operations made by releasepage() in NFS also resulted in performance degradation. (PSBM-78788)

4. Installing the Update

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

5. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-117.json.