Important kernel security update: Virtuozzo ReadyKernel patch 69.0 for Virtuozzo 7.0.4 HF3 to 7.0.8 HF1¶
Issue date: 2018-12-24
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2018-089
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo kernels.
2. Security Fixes¶
[Important] A flaw was found in the implementation of NFS v4.1 in the Linux kernel. NFS v4.1 shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel ID and cause a use-after-free. A malicious user in a container can exploit this to cause a host kernel memory corruption and a system crash. (CVE-2018-16884)
3. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2018-089.json.