Kernel security update: Virtuozzo ReadyKernel patch 41.1 for Virtuozzo 7.0.4, 7.0.4 HF3, 7.0.5, and 7.0.6¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3), 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5), and 3.10.0-693.1.1.vz7.37.30 (Virtuozzo 7.0.6).

2. Security Fixes¶

• [Low] The sctp_do_peeloff() function in the Linux kernel before 4.14 did not check whether the intended netns was used in a peel-off action, which allowed local users to cause a denial of service (use-after-free in sctp_cmp_addr_exact() resulting in system crash) or possibly have unspecified other impact via crafted system calls. (CVE-2017-15115)

3. Bug Fixes¶

• Migrating large memory ranges could take a while. With no resched points available, it caused soft lockups in isolate_lru_page(). (PSBM-79273)

• Kernel warnings about memory allocation failures in vznetstat. (PSBM-79502)

4. Installing the Update¶

Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-41.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-41.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-41.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-41.1-1.vl7/

• https://access.redhat.com/security/cve/CVE-2017-15115

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-120.json.