Kernel security update: Virtuozzo ReadyKernel patch 109.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, 3.0, and Virtuozzo Hybrid Infrastructure 3.5¶
Issue date: 2020-06-23
Applies to: Virtuozzo Hybrid Infrastructure 3.5, Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 2.5, Virtuozzo Infrastructure Platform 3.0
Virtuozzo Advisory ID: VZA-2020-046
1. Overview¶
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure.
2. Security Fixes¶
[Moderate] [3.10.0-862.20.2.vz7.73.24 to 3.10.0-1127.8.2.vz7.151.14] Denial of service by corrupting mountpoint reference counter. It was discovered that a race condition was possible between pivot_root() and put_mountpoint() operations. A local unprivileged attacker could exploit this to corrupt mountpoint reference counter and cause a denial of service (kernel crash). (CVE-2020-12114)
3. Bug Fixes¶
[3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1062.12.1.vz7.131.10] ext4: potential kernel crash in ext4_cross_rename(): certain error cases were not checked properly. (PSBM-104563)
[3.10.0-1127.8.2.vz7.151.14] futex: potential system hang due to a missing unlock operation in the error path of futex_wait_requeue_pi(). (PSBM-104664)
4. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References¶
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-109.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-109.0-1.vl7/
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2020-046.json.