On 09/26/2018 02:28 PM, Vasily Averin wrote: > Dear José Manuel, > thank you for this notification. > We know about this problem. > For Vz6 I'm waiting for new RHEL6 kernel with fix, > I expect it should be released today-tomorrow, > otherwise I'll backport the fixes from RHEL7 kernel. > openvz6 kernel will be released right after release of vz6 kernel. > > For Vz7 we're preparing ReadyKernel livepatch. > > We think about release of fixed kernel for OpenVz7 > however final decision is decision is not yet accepted.
We are going to make re-base on new RHEL7 kernel and build new openVz7 kernel in vz7-update9 unstable branch. We are not going to create fixed kernel in vz7-update8 stable branch. So openVz7 users can either: - use mitigation described in Red Hat bug - install fixed kernel from unstable branch (when it will be ready -- in few days or later) - switch to vz7 and use ReadyKernel livepatch (I expect it will be ready tomorrow) > In any case you can try to mitigate the problem by using systemtap script > taken from corresponding Red Hat bug: > https://bugzilla.redhat.com/show_bug.cgi?id=1624498#c10 > > Thank you, > Vasily Averin > > On 09/26/2018 12:57 PM, José Manuel Giner wrote: >> We need a patch for OpenVZ kernel >> >> A serious security vulnerability has been found within the Linux Kernel >> nicknamed "Mutagen Astronomy" that affects CentOS, RHEL and possible others. >> This exploit would allow an attacker to exploit a flaw in any SUID-root >> binary to easily obtain full root privileges. >> >> It is recommended that users take the necessary precautions immediately. >> RedHat has already released mitigation instructions referenced below. >> >> Reference(s): >> ------------ >> >> https://access.redhat.com/security/cve/cve-2018-14634 >> >> https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt >> >> -- >> José Manuel Giner >> >> >> _______________________________________________ >> Users mailing list >> Users@openvz.org >> https://lists.openvz.org/mailman/listinfo/users >> _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users