Important kernel security update: New kernel 2.6.32-042stab144.1; Virtuozzo 6.0 Update 12 Hotfix 51 (6.0.12-3757)

Issue date: 2020-05-21

Applies to: Virtuozzo 6.0

Virtuozzo Advisory ID: VZA-2020-037

1. Overview

This update provides a new kernel 2.6.32-042stab144.1 for Virtuozzo 6.0. It is based on the RHEL 6.10 kernel 2.6.32-754.29.2.el6 and inherits security and stability fixes from it. The new kernel also provides internal security and stability fixes.

2. Security Fixes

  • [Important] Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic. (CVE-2020-10711)

  • [Important] kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)

  • [Important] kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c. (CVE-2019-17133)

  • [Moderate] kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c. (CVE-2020-11565)

  • [Moderate] kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)

  • [Moderate] kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)

  • [Moderate] kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service. (CVE-2019-15916)

  • [Low] kernel: offset2lib allows for the stack guard page to be jumped over. (CVE-2017-1000371)

3. Bug Fixes

  • Do not force memory reclaim during per-netns memory allocation for conntrack hash table. (PSBM-102730)

4. Installing the Update

Install the update with ‘yum update’. Reboot the host and switch to the new kernel.