[Users] CVE-2018-14634

Vasily Averin vvs at virtuozzo.com
Wed Sep 26 14:28:50 MSK 2018


Dear José Manuel,
thank you for this notification.
We know about this problem.
For Vz6 I'm waiting for new RHEL6 kernel with fix, 
I expect it should be released today-tomorrow,
otherwise I'll backport the fixes from RHEL7 kernel.
openvz6 kernel will be released right after release of vz6 kernel.

For Vz7 we're preparing ReadyKernel livepatch.

We think about release of fixed kernel for OpenVz7
however final decision is not yet accepted.

In any case you can try to mitigate the problem by using systemtap script
taken from corresponding Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1624498#c10

Thank you,
	Vasily Averin

On 09/26/2018 12:57 PM, José Manuel Giner wrote:
> We need a patch for OpenVZ kernel
> 
> A serious security vulnerability has been found within the Linux Kernel nicknamed "Mutagen Astronomy" that affects CentOS, RHEL and possibly others. This exploit would allow an attacker to exploit a flaw in any SUID-root binary to easily obtain full root privileges.
> 
> It is recommended that users take the necessary precautions immediately. RedHat has already released mitigation instructions referenced below.
> 
> Reference(s):
> ------------
> 
> https://access.redhat.com/security/cve/cve-2018-14634
> 
> https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
> 
> -- 
> José Manuel Giner