Kernel security update: Virtuozzo ReadyKernel patch 70.1 for Virtuozzo 7.0.4 HF3 and 7.0.5¶
Issue date: 2019-01-24
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2019-003
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.15 (7.0.4 HF3) and 3.10.0-514.26.1.vz7.33.22 (7.0.5). NOTE: No more patches are planned for kernel 3.10.0-514.16.1.vz7.30.15, support for which ends with this update.
2. Security Fixes¶
[Moderate] A flaw was found in the implementation of ebtables in the Linux kernel. A local attacker in a container could exploit it to consume large amounts of memory, eventually causing denial of service on the host. (PSBM-90803)
3. Bug Fixes¶
Kernel crash (access out of bounds) in SyS_mincore(). (PSBM-90329)
If the CPUs in the system supported memory protection keys for userspace (X86_FEATURE_PKU) but the kernel did not, resuming a container could fail. (PSBM-90828)
4. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-003.json.