Skip to main content

OpenVZ/Virtuozzo Kernelcare update

Comments

8 comments

  • Irina Semenova
    Hello! We have faced some issues while testing this stab. Now it is resolved, so you can check for update Nov 28.:) Regards,
    0
  • Irina Semenova
    Will this patch include fix for CVE-2017-16939? It is not listed in fixes for 2.6.32-042stab126.1 (https://openvz.org/Download/kernel/rhel6/042stab126.1). It has been 5 days since anyone could kill OpenVZ host from within container using CVE-2017-16939 (see attachment). ;(
    0
  • Irina Semenova
    Also CVE-2017-16994 and CVE-2017-1000405, security researchers were busy lately. :o It would be nice to have some sort of status page with CVEs that are being worked on and which ones were fixed.
    0
  • Irina Semenova
    Hello! Thank you for your suggestion. We are planning to add such system next year.
    0
  • Irina Semenova
    Over a month has passed and I'm still able to crash OpenVZ host from within user container using CVE-2017-16939. This vulnerability has CVSS v3 Base Score 7.8 (High). Is there any reason that it has not been fixed yet?

    kpatch-state: patch is applied
    kpatch-for: Linux version 2.6.32-042stab125.5 (root@kbuild-rh6-x64.eng.sw.ru) (gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) ) #1 SMP Tue Oct 17 12:48:22 MSK 2017
    kpatch-build-time: Thu Dec 14 11:29:28 2017
    kpatch-description: 5-;2.6.32-042stab126.2

    P.S.
    It says that my account on the forum has been blocked, I don't know why.
    0
  • Igor Ghertesco
    Hello,

    Could you please submit a ticket to https://cloudlinux.zendesk.com/hc/en-us/requests/new (KernelCare department)? We will take a closer look
    0
  • Igor Ghertesco
    Submitted as 23262 - it looks like it was assumed, that OpenVZ kernel for CentOS 6 was not vulnerable. I guess it will be fixed after intel bug.
    0
  • Vladimir Marchuk
    Hello,

    Thank you for your reply. This task is under investigation.
    We'll update you as soon as we have more information.
    0

Please sign in to leave a comment.