Important kernel security update: Virtuozzo ReadyKernel patch 62.2 for Virtuozzo 7.0.4 and 7.0.8 HF1
Issue date: 2018-09-28
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-072
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported Virtuozzo kernels.
2. Security Fixes
[Important] An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634)
[Low] The Linux kernel imposes a size limit on the memory needed to store the arguments and environment variables of a process, 1/4 of the maximum stack size (RLIMIT_STACK). However, the pointers to these data were not taken into account, which allowed attackers to bypass the limit and even exhaust the stack of the process. (CVE-2017-1000365)
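The accounting gap described for CVE-2017-1000365 can be measured for any argument and environment vector. The following C program is an added illustration, not code from the kernel or from Virtuozzo: it is a simplified model whose names (arg_footprint, footprint_add, within_limit) are hypothetical, and it compares the limit check with and without the pointer bytes.

```c
/* Simplified model of the argv/envp size accounting; not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

extern char **environ;

struct arg_footprint {
    size_t count;         /* number of argv + envp entries */
    size_t string_bytes;  /* string data, including NUL terminators */
    size_t pointer_bytes; /* one pointer per entry */
};

/* Add the entries of one NULL-terminated vector (argv or envp). */
static void footprint_add(struct arg_footprint *fp, char *const vec[])
{
    for (size_t i = 0; vec != NULL && vec[i] != NULL; i++) {
        fp->count++;
        fp->string_bytes += strlen(vec[i]) + 1;
        fp->pointer_bytes += sizeof(char *);
    }
}

/* Limit from the advisory: 1/4 of the maximum stack size (RLIMIT_STACK).
 * count_pointers=false models the check that ignored the pointers. */
static bool within_limit(const struct arg_footprint *fp, size_t stack_limit,
                         bool count_pointers)
{
    size_t used = fp->string_bytes;
    if (count_pointers)
        used += fp->pointer_bytes;
    return used <= stack_limit / 4;
}

int main(int argc, char *argv[])
{
    struct arg_footprint fp = {0};
    struct rlimit rl;
    footprint_add(&fp, argv);
    footprint_add(&fp, environ);
    if (getrlimit(RLIMIT_STACK, &rl) != 0) { perror("getrlimit"); return 1; }
    printf("argc=%d entries=%zu strings=%zu pointers=%zu\n",
           argc, fp.count, fp.string_bytes, fp.pointer_bytes);
    printf("strings only within limit: %d, with pointers: %d\n",
           within_limit(&fp, (size_t)rl.rlim_cur, false),
           within_limit(&fp, (size_t)rl.rlim_cur, true));
    return 0;
}
```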
3. Bug Fixes
It was found that the implementation of high resolution timers (‘hrtimer’ subsystem) did not handle the situation when a timer was started simultaneously with its restart in another thread. As a result, a BUG_ON() could trigger in __run_hrtimer(), leading to a kernel crash. (PSBM-88818)
4. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2018-072.json.