[Security] Virtuozzo ReadyKernel patch 126.0 for Virtuozzo Hybrid Server 7.0, 7.5 and Virtuozzo Hybrid Infrastructure 3.5, 4.0, 4.5¶
Issue date: 2021-04-20
Applies to: Virtuozzo Hybrid Infrastructure 3.5, Virtuozzo Hybrid Infrastructure 4.0, Virtuozzo Hybrid Infrastructure 4.5, Virtuozzo Hybrid Server 7.0, Virtuozzo Hybrid Server 7.5
Virtuozzo Advisory ID: VZA-2021-020
1. Overview¶
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7 and Virtuozzo Hybrid Infrastructure.
2. Security Fixes¶
[Moderate] [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] netfilter: potential memory corruption could happen when CLUSTERIP was used. It was discovered that an attacker could trigger kernel memory corruption from a container by using a specially crafted sequence of operations with CLUSTERIP-related netfilter rules. (PSBM-128405)
3. Bug Fixes¶
[3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] The kernel could crash in kmapset_hash() while stopping a container. (PSBM-127478)
[3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] Incorrect updates of page cache during certain operations with Virtuozzo Storage could lead to kernel crash. (VSTOR-42863)
4. Installing the Update¶
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References¶
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-126.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-126.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-126.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-158.8-126.0-1.vl7/
https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-163.46-126.0-1.vl7/
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2021-020.json.