Important kernel security update: CVE-2017-18344; Virtuozzo ReadyKernel patch 56.0 for all supported Virtuozzo 7.0 kernels¶
Issue date: 2018-08-06
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-050
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo 7.0 kernels.
2. Security Fixes¶
[Important] The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn’t properly validate the sigevent::sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). (CVE-2017-18344)
3. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2018-050.json.