VirtuozzoVZA-2019-013Product update: Virtuozzo 7.0 Update 9 (7.0.9-534)
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.3%
The Update 9 for Virtuozzo 7.0 provides new features as well as security, stability, and usability bug fixes.
Vulnerability id: CVE-2018-14634, PSBM-88914
An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.
Vulnerability id: CVE-2018-18559, PSBM-89677
It was discovered that a race condition between packet_do_bind() and packet_notifier() in the implementation of AF_PACKET could lead to use-after-free. An unprivileged user on the host or in a container could exploit this to crash the kernel or, potentially, to escalate their privileges in the system.
Vulnerability id: CVE-2018-14646, PSBM-90076
The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Virtuozzo | 7.0 | x86_64 | grubby | < 8.28-23.vz7.1 | grubby-8.28-23.vz7.1.x86_64.rpm |
| Virtuozzo | 7.0 | x86_64 | kpatch-kmod-73.24 | < 0.5.0-1.vl7 | kpatch-kmod-73.24-0.5.0-1.vl7.x86_64.rpm |
| Virtuozzo | 7.0 | noarch | sles-15-x86_64-ez | < 7.0.0-2.vz7 | sles-15-x86_64-ez-7.0.0-2.vz7.noarch.rpm |
| Virtuozzo | 7.0 | noarch | yum-plugin-scst | < 0.3-1.vz7 | yum-plugin-scst-0.3-1.vz7.noarch.rpm |
| Virtuozzo | 7.0 | noarch | ovmf | < 20171011-4.git92d07e48907f.vz7.8 | OVMF-20171011-4.git92d07e48907f.vz7.8.noarch.rpm |
| Virtuozzo | 7.0 | x86_64 | anaconda | < 21.48.22.134-3.vz7.47 | anaconda-21.48.22.134-3.vz7.47.x86_64.rpm |
| Virtuozzo | 7.0 | x86_64 | anaconda-core | < 21.48.22.134-3.vz7.47 | anaconda-core-21.48.22.134-3.vz7.47.x86_64.rpm |
| Virtuozzo | 7.0 | x86_64 | anaconda-dracut | < 21.48.22.134-3.vz7.47 | anaconda-dracut-21.48.22.134-3.vz7.47.x86_64.rpm |
| Virtuozzo | 7.0 | x86_64 | anaconda-gui | < 21.48.22.134-3.vz7.47 | anaconda-gui-21.48.22.134-3.vz7.47.x86_64.rpm |
| Virtuozzo | 7.0 | x86_64 | anaconda-tui | < 21.48.22.134-3.vz7.47 | anaconda-tui-21.48.22.134-3.vz7.47.x86_64.rpm |
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.014 Low
EPSS
Percentile
86.3%