[Important] [Security] New kernel 2.6.32-042stab146.2; Virtuozzo 6.0 Update 12 Hotfix 55 (6.0.12-3762)

Issue date: 2021-01-11

Applies to: Virtuozzo 6.0

Virtuozzo Advisory ID: VZA-2022-001

1. Overview

This update provides a new kernel 2.6.32-042stab146.2 for Virtuozzo 6.0. It is based on the RHEL 6.10 kernel 2.6.32-754.41.2.el6 and provides a security fix.

2. Security Fixes

  • [Important] A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)

3. Installing the Update

The update is only available for customers subscribed to the Extended Lifecycle Support (ELS) program. Install the update with yum update. Reboot the host and switch to the new kernel.

4. References

The new and updated packages are listed in the JSON file.