Important kernel security update: CVE-2018-1068; Virtuozzo ReadyKernel patch 47.0 for Virtuozzo 7.0.7
Issue date: 2018-03-22
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-015
1. Overview
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the Virtuozzo 7.0 kernel 3.10.0-693.17.1.vz7.43.10 (7.0.7).
2. Security Fixes
[Important] It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received from user space. A local user with enough privileges in the user and network namespaces could use that to trigger an out-of-bounds write to the kernel address space. (CVE-2018-1068)
3. Bug Fixes
Potential kernel hang (endless loop) in try_charge(). (PSBM-81939)
The fix for a race in tcache inadvertently broke tcache invalidation, leading to kernel warnings in tcache_invalidate_node_pages() among other things. (PSBM-81940)
4. Installing the Update
Download, install, and instantly apply the patch to the current kernel by running ‘readykernel update’.
5. References
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2018-015.json.