Important kernel security update: Virtuozzo ReadyKernel patch 62.2 for Virtuozzo 7.0.4 and 7.0.8 HF1
Issue date: 2018-09-28
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-072
1. Overview
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported Virtuozzo kernels.
2. Security Fixes
[Important] An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634)
[Low] The Linux kernel imposes a size limit on the memory needed to store the arguments and environment variables of a process, 1/4 of the maximum stack size (RLIMIT_STACK). However, the pointers to these data were not taken into account, which allowed attackers to bypass the limit and even exhaust the stack of the process. (CVE-2017-1000365)
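The accounting gap described for CVE-2017-1000365, as an added example that is not part of the Virtuozzo advisory or the kernel source: it measures a process's argument and environment strings separately from the pointers to them and applies a simplified model of the limit check with and without the pointers counted. The names footprint, measure and within_limit are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

extern char **environ;

/* Bytes needed for a NULL-terminated string vector, split by kind. */
struct footprint {
    size_t string_bytes;   /* the strings themselves, each with its NUL */
    size_t pointer_bytes;  /* the char* slots, including the final NULL */
};

static struct footprint measure(char *const vec[])
{
    struct footprint fp = {0, 0};
    size_t n = 0;

    for (; vec[n] != NULL; n++)
        fp.string_bytes += strlen(vec[n]) + 1;
    fp.pointer_bytes = (n + 1) * sizeof(char *);
    return fp;
}

/* Simplified model of the size check (assumption, not kernel code):
 * returns 1 when the data fits under the limit, 0 when it does not. */
static int within_limit(struct footprint fp, size_t limit, int count_pointers)
{
    size_t total = fp.string_bytes + (count_pointers ? fp.pointer_bytes : 0);
    return total <= limit;
}

int main(int argc, char *argv[])
{
    struct rlimit rl;
    (void)argc;
    if (getrlimit(RLIMIT_STACK, &rl) != 0) { perror("getrlimit"); return 1; }
    size_t limit = (size_t)rl.rlim_cur / 4;  /* 1/4 of RLIMIT_STACK */
    struct footprint a = measure(argv), e = measure(environ);
    struct footprint all = { a.string_bytes + e.string_bytes,
                             a.pointer_bytes + e.pointer_bytes };

    printf("limit=%zu strings=%zu pointers=%zu\n",
           limit, all.string_bytes, all.pointer_bytes);
    printf("strings only: %s, with pointers: %s\n",
           within_limit(all, limit, 0) ? "fits" : "over",
           within_limit(all, limit, 1) ? "fits" : "over");
    return 0;
}
```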
3. Bug Fixes
It was found that the implementation of high resolution timers (‘hrtimer’ subsystem) did not handle the situation when a timer was started simultaneously with its restart in another thread. As a result, a BUG_ON() could trigger in __run_hrtimer(), leading to a kernel crash. (PSBM-88818)
4. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-62.2-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-62.2-1.vl7/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000365
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2018-072.json.