Important kernel security update: New kernel 2.6.32-042stab140.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
Issue date: 2019-08-19
Applies to: Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
Virtuozzo Advisory ID: VZA-2019-066
1. Overview
This update provides a new kernel 2.6.32-042stab140.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.18.2.el6. The new kernel inherits security fixes from the RHEL kernel and features internal fixes.
2. Security Fixes
[Important] A new software page cache side channel attack scenario was discovered in operating systems that implement the very common ‘page cache’ caching mechanism. A malicious user/process could use ‘in memory’ page-cache knowledge to infer access timings to shared memory and use that knowledge to weaken cryptographic strength by monitoring algorithmic behavior, infer memory access patterns to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side channel. (CVE-2019-5489)
[Moderate] The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and the x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable. (CVE-2017-17805)
[Moderate] An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. (CVE-2018-17972)
[Moderate] A Spectre gadget was found in the Linux kernel’s implementation of system interrupts. An attacker with local access could use this gadget to reveal private data through a Spectre-like side channel. (CVE-2019-1125)
[Moderate] A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds(). An attacker who is able to load the megaraid_sas kernel module and groom memory beforehand can crash the system, leading to a denial of service (DoS), related to a use-after-free. (CVE-2019-11810, PSBM-94467)
3. Bug Fixes
Under certain conditions, the host can crash in posix_cpu_timer_del(). Kernels from 2.6.32-042stab109.5 are affected. (PSBM-96868)
4. Installing the Update
The update is only available for customers subscribed to the Extended Lifecycle Support (ELS) program. Download and install the update using the vzup2date utility included in the distribution. Reboot the host to apply the update.
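Because the update only takes effect after the reboot, it is worth confirming which kernel a host is actually running. The script below is an added example, not part of the Virtuozzo advisory: it compares a release string against the two versions named above, assuming the `2.6.32-042stabN.M` form; the function names and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: classify a kernel release string against VZA-2019-066.
FIXED="2.6.32-042stab140.1"      # kernel shipped by this advisory
BUG_FIRST="2.6.32-042stab109.5"  # first kernel affected by PSBM-96868

# stab_key RELEASE: print "MAJOR MINOR" of the 042stab suffix, or fail
# when the string is not a 2.6.32-042stabN.M release.
stab_key() {
    case "$1" in
        2.6.32-042stab[0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    rest=${1#2.6.32-042stab}
    major=${rest%%.*}
    minor=${rest#*.}
    minor=${minor%%[!0-9]*}      # drop any suffix after the minor number
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    echo "$major $minor"
}

# release_lt A B: succeed when release A is older than release B.
release_lt() {
    # Word splitting is intended: each key expands to two numbers.
    set -- $(stab_key "$1") $(stab_key "$2")
    [ $# -eq 4 ] || return 2
    [ "$1" -lt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ]; }
}

# classify_kernel RELEASE: print fixed, needs-update,
# needs-update,PSBM-96868 (also in the crash-affected range), or unknown.
classify_kernel() {
    stab_key "$1" >/dev/null || { echo "unknown"; return 0; }
    if release_lt "$1" "$FIXED"; then
        if release_lt "$1" "$BUG_FIRST"; then
            echo "needs-update"
        else
            echo "needs-update,PSBM-96868"
        fi
    else
        echo "fixed"
    fi
}

# Check the running kernel, or a release string given as the first argument.
classify_kernel "${1:-$(uname -r)}"
```

Run it on the host after rebooting; `uname -r` reports the running kernel, so a host where the package is installed but not yet booted still shows as needing the update.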
5. References
https://www.redhat.com/security/data/cve/CVE-2017-17805.html
https://www.redhat.com/security/data/cve/CVE-2018-17972.html
https://www.redhat.com/security/data/cve/CVE-2019-11810.html
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-066.json.