[Important] [Security] Virtuozzo ReadyKernel patch 130.0 for Virtuozzo Server 7.0, 7.5 and Virtuozzo Infrastructure 3.5, 4.0, 4.5, 4.6

Issue date: 2021-07-22

Applies to: Virtuozzo Infrastructure 3.5, Virtuozzo Infrastructure 4.0, Virtuozzo Infrastructure 4.5, Virtuozzo Infrastructure 4.6, Virtuozzo Server 7.0, Virtuozzo Server 7.5

Virtuozzo Advisory ID: VZA-2021-037

1. Overview

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported kernels of Virtuozzo Server 7 and Virtuozzo Infrastructure.

2. Security Fixes

  • [Important] [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1160.21.1.vz7.174.13] size_t-to-int conversion vulnerability in the filesystem layer. It was discovered that the implementation of seq_file files in the Linux kernel contained an error related to integer conversion (size_t to a signed integer). A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)

3. Installing the Update

Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
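To see which hosts in an inventory run a kernel inside the range listed for the CVE-2021-33909 fix, a check like the following can be used. It is an added example, not part of the Virtuozzo advisory or tooling; it assumes the bracketed range is inclusive, that `uname -r` reports the release in the same form as the advisory, and that GNU `sort -V` orders vz7 release strings the way the vendor does.

```shell
#!/bin/sh
# Added example: range bounds are copied from advisory VZA-2021-037.
# Assumptions: the range is inclusive; GNU `sort -V` ordering matches
# the vendor's ordering of vz7 kernel release strings.
RANGE_LOW='3.10.0-1062.4.2.vz7.116.7'
RANGE_HIGH='3.10.0-1160.21.1.vz7.174.13'

# ver_le A B: succeed when A sorts at or before B in version order.
ver_le() {
    [ "$1" = "$2" ] && return 0
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# in_patch_range RELEASE: succeed when RELEASE is a vz7 kernel that
# falls between RANGE_LOW and RANGE_HIGH (both ends included).
in_patch_range() {
    case "$1" in
        *.vz7.*) ;;          # the advisory lists vz7 kernels only
        *) return 1 ;;       # anything else is outside its scope
    esac
    ver_le "$RANGE_LOW" "$1" && ver_le "$1" "$RANGE_HIGH"
}

# classify RELEASE: print a one-word verdict for inventory scripts.
classify() {
    if in_patch_range "$1"; then
        echo "in-range"
    else
        echo "out-of-range"
    fi
}

# Classify the release given as the first argument, or the running kernel.
# A host reported as in-range is one to run 'readykernel update' on.
classify "${1:-$(uname -r)}"
```

Pass a release string as the first argument to classify a kernel other than the running one, for example when processing collected inventory data.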

4. References

The JSON file with the list of new and updated packages is available at JSON file.