[Security] Virtuozzo ReadyKernel patch 126.0 for Virtuozzo Hybrid Server 7.0, 7.5 and Virtuozzo Hybrid Infrastructure 3.5, 4.0, 4.5¶
Issue date: 2021-04-20
Applies to: Virtuozzo Hybrid Infrastructure 3.5, Virtuozzo Hybrid Infrastructure 4.0, Virtuozzo Hybrid Infrastructure 4.5, Virtuozzo Hybrid Server 7.0, Virtuozzo Hybrid Server 7.5
Virtuozzo Advisory ID: VZA-2021-020
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7 and Virtuozzo Hybrid Infrastructure.
2. Security Fixes¶
[Moderate] [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] netfilter: potential memory corruption could happen when CLUSTERIP was used. It was discovered that an attacker could trigger kernel memory corruption from a container by using a specially crafted sequence of operations with CLUSTERIP-related netfilter rules. (PSBM-128405)
3. Bug Fixes¶
[3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] The kernel could crash in kmapset_hash() while stopping a container. (PSBM-127478)
[3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] Incorrect updates of page cache during certain operations with Virtuozzo Storage could lead to kernel crash. (VSTOR-42863)
4. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2021-020.json.