Welcome, Guest Login

Support Center

Important kernel security update: CVE-2018-3639 (x86 AMD) and other issues; new kernel 2.6.32-042stab132.1; Virtuozzo 6.0 Update 12 Hotfix 29 (6.0.12-3710)

Last Updated: Jul 18, 2018 08:10AM UTC

Issue date: 2018-07-17

Affected products: Virtuozzo 6.0

Virtuozzo Advisory ID: VZA-2018-048

1. Overview

This update provides a new kernel 2.6.32-042stab132.1 for Virtuozzo 6.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.2.1.el6. The new kernel introduces security fixes.

2. Security Fixes

  • [Important] [x86 AMD] An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)
  • [Moderate] By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). (CVE-2018-1120)
  • [Moderate] A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the 'Lazy FPU Restore' scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year. (CVE-2018-3665)
  • [Moderate] A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897. (CVE-2018-10872)

3. Installing the Update

Install the update by running 'yum update'.

4. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2018-048.json.

Open a new case
















  • You can call our Support Team:

     +1 855-466-6670  Toll-free
     +1 425-689-7142  US
     +44 203-389-8331  UK
     +49 8914-379-4365  DE
     +7 499-609-2754  RU
e13d0138f9baaceff06b8753a609e5c0@virtuozzo.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete