Important kernel security update: New kernel 2.6.32-042stab144.1; Virtuozzo 6.0 Update 12 Hotfix 51 (6.0.12-3757)
Issue date: 2020-05-21
Applies to: Virtuozzo 6.0
Virtuozzo Advisory ID: VZA-2020-037
1. Overview
This update provides a new kernel 2.6.32-042stab144.1 for Virtuozzo 6.0. It is based on the RHEL 6.10 kernel 2.6.32-754.29.2.el6 and inherits security and stability fixes from it. The new kernel also provides internal security and stability fixes.
2. Security Fixes
- [Important] Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic. (CVE-2020-10711)
- [Important] kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)
- [Important] kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c. (CVE-2019-17133)
- [Moderate] kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c. (CVE-2020-11565)
- [Moderate] kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)
- [Moderate] kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)
- [Moderate] kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service. (CVE-2019-15916)
- [Low] kernel: offset2lib allows for the stack guard page to be jumped over. (CVE-2017-1000371)
3. Bug Fixes
- Do not force memory reclaim during per-netns memory allocation for conntrack hash table. (PSBM-102730)
4. Installing the Update
Install the update with ‘yum update’. Reboot the host and switch to the new kernel.
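A post-reboot check for the step above, as an added example that is not part of the advisory: `yum update` only installs the new kernel, so the host stays on the old one until it is rebooted into it. The function names are hypothetical, and the release format `2.6.32-042stab<N>.<M>` is an assumption generalized from the version string in this advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a kernel release
# string is at or above the build this advisory ships.
FIXED_KERNEL="2.6.32-042stab144.1"   # version taken from the advisory

# stab_fields RELEASE
# Prints "<N> <M>" for a release of the assumed form 2.6.32-042stab<N>.<M>,
# or nothing when the string does not match that form exactly.
stab_fields() {
    printf '%s\n' "$1" |
        sed -n 's/^2\.6\.32-042stab\([0-9][0-9]*\)\.\([0-9][0-9]*\)$/\1 \2/p'
}

# kernel_status RELEASE
# Prints one of:
#   fixed    - release is FIXED_KERNEL or newer
#   outdated - release is an older 042stab build
#   unknown  - release is not a 042stab kernel (for example a stock el6 kernel)
kernel_status() {
    cur=$(stab_fields "$1")
    [ -n "$cur" ] || { echo unknown; return 0; }
    want=$(stab_fields "$FIXED_KERNEL")
    # awk compares numerically, so a zero-padded field such as 092 reads as 92.
    echo "$cur $want" | awk '{
        if ($1 + 0 > $3 + 0 || ($1 + 0 == $3 + 0 && $2 + 0 >= $4 + 0))
            print "fixed"
        else
            print "outdated"
    }'
}

# Report on the kernel that is actually running, not merely installed.
running=$(uname -r)
echo "running kernel $running: $(kernel_status "$running")"
```

A result of `outdated` after `yum update` usually means the host has not yet been rebooted into the new kernel.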
5. References
- https://access.redhat.com/errata/RHSA-2020:0790
- https://access.redhat.com/errata/RHSA-2020:1524
- https://access.redhat.com/errata/RHSA-2020:2103
- https://www.redhat.com/security/data/cve/CVE-2017-1000371.html
- https://www.redhat.com/security/data/cve/CVE-2019-15916.html
- https://www.redhat.com/security/data/cve/CVE-2019-17055.html
- https://www.redhat.com/security/data/cve/CVE-2019-17133.html
- https://www.redhat.com/security/data/cve/CVE-2019-17666.html
- https://www.redhat.com/security/data/cve/CVE-2020-8648.html
- https://www.redhat.com/security/data/cve/CVE-2020-10711.html
- https://www.redhat.com/security/data/cve/CVE-2020-11565.html
The list of new and updated packages is available as a JSON file.