[Users] CVE-2018-14634

Vasily Averin vvs at virtuozzo.com
Wed Sep 26 19:31:15 MSK 2018


On 09/26/2018 02:28 PM, Vasily Averin wrote:
> Dear José Manuel,
> thank you for this notification.
> We know about this problem.
> For Vz6 I'm waiting for a new RHEL6 kernel with the fix,
> I expect it should be released today or tomorrow,
> otherwise I'll backport the fixes from the RHEL7 kernel.
> The openvz6 kernel will be released right after the release of the vz6 kernel.
> 
> For Vz7 we're preparing ReadyKernel livepatch.
> 
> We are thinking about releasing a fixed kernel for OpenVz7,
> however the final decision is not yet made.

We are going to rebase onto the new RHEL7 kernel
and build a new openVz7 kernel in the vz7-update9 unstable branch.

We are not going to create a fixed kernel in the vz7-update8 stable branch.

So openVz7 users can either:
- use the mitigation described in the Red Hat bug
- install the fixed kernel from the unstable branch (when it is ready, in a few days or later)
- switch to vz7 and use the ReadyKernel livepatch (I expect it will be ready tomorrow)

> In any case you can try to mitigate the problem by using the systemtap script
> taken from the corresponding Red Hat bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1624498#c10
> 
> Thank you,
> 	Vasily Averin
> 
> On 09/26/2018 12:57 PM, José Manuel Giner wrote:
>> We need a patch for OpenVZ kernel
>>
>> A serious security vulnerability has been found within the Linux Kernel nicknamed "Mutagen Astronomy" that affects CentOS, RHEL and possibly others. This exploit would allow an attacker to exploit a flaw in any SUID-root binary to easily obtain full root privileges.
>>
>> It is recommended that users take the necessary precautions immediately. RedHat has already released mitigation instructions referenced below.
>>
>> Reference(s):
>> ------------
>>
>> https://access.redhat.com/security/cve/cve-2018-14634
>>
>> https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
>>
>> -- 
>> José Manuel Giner
>>