[Important] [Security] Virtuozzo ReadyKernel patch 130.0 for Virtuozzo Hybrid Server 7.0, 7.5 and Virtuozzo Hybrid Infrastructure 3.5, 4.0, 4.5, 4.6
Issue date: 2021-07-22
Applies to: Virtuozzo Hybrid Infrastructure 3.5, Virtuozzo Hybrid Infrastructure 4.0, Virtuozzo Hybrid Infrastructure 4.5, Virtuozzo Hybrid Infrastructure 4.6, Virtuozzo Hybrid Server 7.0, Virtuozzo Hybrid Server 7.5
Virtuozzo Advisory ID: VZA-2021-037
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7 and Virtuozzo Hybrid Infrastructure.
2. Security Fixes
[Important] [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1160.21.1.vz7.174.13] size_t-to-int conversion vulnerability in the filesystem layer. It was discovered that the implementation of seq_file files in the Linux kernel contained an error related to integer conversion (size_t to a signed integer). A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)
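A check for whether a host's running kernel falls inside the range this advisory lists, as an added example that is not Virtuozzo tooling. The two bounds are copied from the advisory; the function names and the rule that vz7 releases order by their numeric fields from left to right are assumptions of the example.

```shell
#!/bin/sh
# Added example, not Virtuozzo tooling. Bounds are copied from VZA-2021-037.
AFFECTED_MIN="3.10.0-1062.4.2.vz7.116.7"
AFFECTED_MAX="3.10.0-1160.21.1.vz7.174.13"

# version_cmp A B: print lt, eq or gt.
# Assumption: vz7 kernel releases order by their numeric fields, left to right.
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/)
        nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing fields count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "lt"; exit }
            if (xi > yi) { print "gt"; exit }
        }
        print "eq"
    }'
}

# is_affected RELEASE: return 0 inside the advisory range, 1 outside it,
# 2 when RELEASE is not a vz7 kernel and the range does not apply.
is_affected() {
    case "$1" in
        *.vz7.*) ;;
        *) return 2 ;;
    esac
    [ "$(version_cmp "$1" "$AFFECTED_MIN")" != lt ] &&
        [ "$(version_cmp "$1" "$AFFECTED_MAX")" != gt ]
}

# report RELEASE: one line an operator or inventory job can act on.
report() {
    rc=0
    is_affected "$1" || rc=$?
    case "$rc" in
        0) echo "$1: covered by VZA-2021-037 (CVE-2021-33909), run 'readykernel update'" ;;
        1) echo "$1: outside the kernel range listed in VZA-2021-037" ;;
        *) echo "$1: not a vz7 kernel, advisory range does not apply" ;;
    esac
}

report "$(uname -r)"
```

The release string reported by `uname -r` does not change when a live patch is loaded, so this identifies kernels the advisory covers, not whether the patch has already been applied.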
3. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2021-037.json.