Kernel security update: Virtuozzo ReadyKernel patch 67.0 for Virtuozzo 7.0.8 and 7.0.8 HF1¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-862.9.1.vz7.63.3 (7.0.8) and 3.10.0-862.11.6.vz7.64.7 (7.0.8 HF1).

2. Security Fixes¶

• [Moderate] The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. (CVE-2018-14646)

3. Bug Fixes¶

• It was discovered that a special sequence of operations involving NFS server in a container with FEATURES=’nfsd=on’ could crash the host kernel. (PSBM-90024)

• Asynchronous discard requests could fail with EIO because ploop did not properly align them. (PSBM-90052)

4. Installing the Update¶

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-67.0-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-67.0-1.vl7/

• https://access.redhat.com/security/cve/cve-2018-14646

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2018-085.json.