Lucene search

HistoryJun 27, 2019 - 12:00 a.m.

Kernel update: Virtuozzo ReadyKernel patch 82.2 for Virtuozzo 7.0.8 HF1 and 7.0.10 HF1


0.972 High




The fixes for CVE-2019-11477 and CVE-2019-11478 released in the ReadyKernel patch 82.0 turned out to cause network-related issues. These fixes are removed in this ReadyKernel patch for the kernels 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1) and 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0.10 HF1). Until the issues with the kernel fixes are resolved, you may consider other mitigations for CVE-2019-11477 and CVE-2019-11478, outlined in the referred link: either to disable selective acknowledgments system-wide for TCP connections, or to use iptables to drop connections with an MSS size that may allow to exploit the vulnerability. In addition, the patch fixes a stability issue.
Vulnerability id: PSBM-95718
It was possible that two or more versions of ReadyKernel patches for the same kernel were installed and loaded at the same time. This could lead to kernel crashes.