[Security] Virtuozzo ReadyKernel patch 127.0 for Virtuozzo Hybrid Server 7.0, 7.5 and Virtuozzo Hybrid Infrastructure 3.5, 4.0, 4.5¶

1. Overview¶

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7 and Virtuozzo Hybrid Infrastructure.

2. Security Fixes¶

• [Moderate] [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] netfilter: potential memory corruption in certain setsockopt() operations. It was discovered that an attacker could use a specially crafted sequence of system calls in a container to trigger a memory corruption in the implementation of setsockopt() in the netfilter subsystem. This could result in a kernel crash, or, potentially, could allow the attacker to escalate their privileges. (PSBM-128140)

3. Bug Fixes¶

• [3.10.0-1127.18.2.vz7.163.46] ‘sit’ tunnels could not be created in the containers even if ‘sit:on’ was set in the features. (PSBM-127315)

• [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] Memory leaks could happen when network-related structures were created for a starting container. (PSBM-92950)

4. Installing the Update¶

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.

5. References¶

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-127.0-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-127.0-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-127.0-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-158.8-127.0-1.vl7/

• https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-163.46-127.0-1.vl7/

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2021-023.json.