[Security] Virtuozzo ReadyKernel patch 127.0 for Virtuozzo Server 7.0, 7.5 and Virtuozzo Infrastructure 3.5, 4.0, 4.5
Issue date: 2021-05-17
Applies to: Virtuozzo Infrastructure 3.5, Virtuozzo Infrastructure 4.0, Virtuozzo Infrastructure 4.5, Virtuozzo Server 7.0, Virtuozzo Server 7.5
Virtuozzo Advisory ID: VZA-2021-023
1. Overview
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to all supported kernels of Virtuozzo Server 7 and Virtuozzo Infrastructure.
2. Security Fixes
- [Moderate] [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] netfilter: potential memory corruption in certain setsockopt() operations. It was discovered that an attacker could use a specially crafted sequence of system calls in a container to trigger a memory corruption in the implementation of setsockopt() in the netfilter subsystem. This could result in a kernel crash, or, potentially, could allow the attacker to escalate their privileges. (PSBM-128140)
3. Bug Fixes
- [3.10.0-1127.18.2.vz7.163.46] ‘sit’ tunnels could not be created in containers even if ‘sit:on’ was set in the features. (PSBM-127315)
- [3.10.0-1062.4.2.vz7.116.7 to 3.10.0-1127.18.2.vz7.163.46] Memory leaks could happen when network-related structures were created for a starting container. (PSBM-92950)
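To see which of the items in sections 2 and 3 name a given kernel, the release string can be compared against the ranges quoted above. The script below is an added example, not part of the advisory or of the ReadyKernel tooling. The names `LOW`, `HIGH`, `fields`, `vercmp` and `triage` are illustrative, and it assumes the range endpoints are inclusive and that releases order by their numeric fields.

```shell
#!/bin/sh
# Added example: triage a kernel release against the ranges in VZA-2021-023.
# Bounds are copied from the advisory; treating them as inclusive is an assumption.
LOW="3.10.0-1062.4.2.vz7.116.7"
HIGH="3.10.0-1127.18.2.vz7.163.46"

# Split a release string into numeric fields, dropping an arch suffix if present.
fields() {
    printf '%s\n' "$1" | sed -e 's/\.x86_64$//' -e 's/[^0-9]\{1,\}/ /g'
}

# Print -1, 0 or 1 when release $1 sorts before, equal to or after release $2.
# Fields are compared as integers, so vz7.116.10 sorts after vz7.116.7.
vercmp() {
    a=$(fields "$1"); b=$(fields "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *" "*) a=${a#* } ;; *) a="" ;; esac
        case $b in *" "*) b=${b#* } ;; *) b="" ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Print the advisory items whose stated range names release $1
# (default: the running kernel, from uname -r).
triage() {
    rel=${1:-$(uname -r)}
    case $rel in *.vz7.*) ;; *) echo "not-vz7"; return ;; esac
    if [ "$(vercmp "$rel" "$LOW")" -lt 0 ] || [ "$(vercmp "$rel" "$HIGH")" -gt 0 ]; then
        echo "outside-range"; return
    fi
    out="PSBM-128140 PSBM-92950"          # both listed for LOW..HIGH
    if [ "$(vercmp "$rel" "$HIGH")" -eq 0 ]; then
        out="$out PSBM-127315"            # 'sit' fix is listed for HIGH only
    fi
    echo "$out"
}

triage "$@"
```

Run without arguments it reports on the running kernel; pass a release string to check a host's inventory entry instead.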
4. Installing the Update
Download, install, and immediately apply the patch to the current kernel by running ‘readykernel update’.
5. References
- https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-127.0-1.vl7/
- https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-127.0-1.vl7/
- https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-151.14-127.0-1.vl7/
- https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-158.8-127.0-1.vl7/
- https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-163.46-127.0-1.vl7/
The list of new and updated packages is available as a JSON file.