[Important] [Security] New kernel 2.6.32-042stab146.1; Virtuozzo 6.0 Update 12 Hotfix 54 (6.0.12-3761)
Issue date: 2021-08-03
Applies to: Virtuozzo 6.0
Virtuozzo Advisory ID: VZA-2021-040
1. Overview
This update provides a new kernel 2.6.32-042stab146.1 for Virtuozzo 6.0. It is based on the RHEL 6.10 kernel 2.6.32-754.41.2.el6 and inherits security and stability fixes from it. The new kernel also provides an internal stability fix.
2. Security Fixes
[Important] Kernel: Use after free via PI futex state. (CVE-2021-3347)
[Important] Kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
[Important] Kernel: Integer overflow in Intel(R) Graphics Drivers. (CVE-2020-12362)
[Important] Kernel: out-of-bounds read in libiscsi module. (CVE-2021-27364)
[Important] Kernel: heap buffer overflow in the iSCSI subsystem. (CVE-2021-27365)
[Important] Kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a use-after-free. (CVE-2020-29661)
[Important] Kernel: size_t-to-int conversion vulnerability in the filesystem layer. (CVE-2021-33909)
[Moderate] Kernel: x86_32: BUG in syscall auditing. (CVE-2014-4508)
[Moderate] Kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c. (CVE-2019-14896)
[Moderate] Kernel: increase slab leak leads to DoS. (CVE-2021-20265)
3. Bug Fixes
Host could crash on stopping a container with a GRE tunnel inside. (PSBM-130669)
4. Installing the Update
The update is only available for customers subscribed to the Extended Lifecycle Support (ELS) program. Install the update with ‘yum update’. Reboot the host and switch to the new kernel.
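To confirm after the reboot that the host actually booted the fixed kernel, the following added example (not part of the original advisory) compares a kernel release string against 2.6.32-042stab146.1. The function names are hypothetical, and the parser assumes the 2.6.32-042stabNNN.M release format that this advisory uses.

```shell
#!/bin/sh
# Added example: check a kernel release string against the fixed kernel
# named in this advisory. Function names are hypothetical.
FIXED_RELEASE="2.6.32-042stab146.1"

# Print "<build> <revision>" for a release string of the assumed form
# 2.6.32-042stabNNN.M (e.g. "146 1"); return 1 for any other format.
vz_stab_parts() {
    parts=$(printf '%s\n' "$1" |
        sed -n 's/^2\.6\.32-042stab0*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p')
    [ -n "$parts" ] && printf '%s\n' "$parts"
}

# Return 0 if release $1 is at or above FIXED_RELEASE, 1 if it is older,
# 2 if it is not a recognisable Virtuozzo 6 release string.
vz_kernel_is_fixed() {
    have=$(vz_stab_parts "$1") || return 2
    want=$(vz_stab_parts "$FIXED_RELEASE") || return 2
    # Unquoted on purpose: split into $1 $2 (running) and $3 $4 (fixed).
    set -- $have $want
    [ "$1" -gt "$3" ] && return 0
    [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ] && return 0
    return 1
}

# Print a verdict for a release string; always returns 0.
vz_report() {
    rc=0
    vz_kernel_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above $FIXED_RELEASE" ;;
        1) echo "$1: older than $FIXED_RELEASE, update and reboot" ;;
        *) echo "$1: not a Virtuozzo 6 kernel release string" ;;
    esac
}

vz_report "$(uname -r)"            # kernel currently booted on this host
vz_report "2.6.32-042stab145.3"    # constructed sample: an older build
```

A host that has installed the package but not yet rebooted will still report the old release, which is the case this check is meant to catch.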
5. References
https://www.redhat.com/security/data/cve/CVE-2019-11487.html
https://www.redhat.com/security/data/cve/CVE-2020-12362.html
https://www.redhat.com/security/data/cve/CVE-2019-14896.html
https://www.redhat.com/security/data/cve/CVE-2021-20265.html
https://www.redhat.com/security/data/cve/CVE-2021-27364.html
https://www.redhat.com/security/data/cve/CVE-2021-27366.html
https://www.redhat.com/security/data/cve/CVE-2020-29661.html
https://www.redhat.com/security/data/cve/CVE-2021-33909.html
The new and updated packages are listed in the JSON file.