Kernel security update: Virtuozzo ReadyKernel patch 70.1 for Virtuozzo 7.0.6 to 7.0.7 HF3¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-693.1.1.vz7.37.30 (7.0.6) to 3.10.0-693.21.1.vz7.48.2 (7.0.7 HF3).

2. Security Fixes¶

• [Moderate] A flaw was found in the implementation of ebtables in the Linux kernel. A local attacker in a container could exploit it to consume large amounts of memory, eventually causing denial of service on the host. (PSBM-90803)

• [Low] vhost: kernel crash (access out of bounds) in memcpy_fromiovecend(). (PSBM-90291)

3. Bug Fixes¶

• tcache was not shrunk in some situations. (PSBM-89403)

• Kernel crash (access out of bounds) in SyS_mincore(). (PSBM-90329)

• If the CPUs in the system supported memory protection keys for userspace (X86_FEATURE_PKU) but the kernel did not, resuming a container could fail. (PSBM-90828)

4. Installing the Update¶

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-37.30-70.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-40.4-70.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-70.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-70.1-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-70.1-1.vl7/

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-004.json.