Important kernel security update: CVE-2018-18559; Virtuozzo ReadyKernel patch 64.0 for Virtuozzo 7.0.4 to 7.0.8 HF1
Issue date: 2018-10-26
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-077
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo kernels.
2. Security Fixes
[Important] It was discovered that a race condition between packet_do_bind() and packet_notifier() in the implementation of AF_PACKET could lead to a use-after-free. An unprivileged user on the host or in a container could exploit this to crash the kernel or, potentially, to escalate their privileges in the system. (CVE-2018-18559)
3. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2018-077.json.