[Users] CVE-2018-14634

[Vasily Averin]

On 09/26/2018 02:28 PM, Vasily Averin wrote:
> Dear José Manuel,
> thank you for this notification.
> We know about this problem.
> For Vz6 I'm waiting for new RHEL6 kernel with fix, 
> I expect it should be released today-tomorrow,
> otherwise I'll backport the fixes from RHEL7 kernel.
> openvz6 kernel will be released right after release of vz6 kernel.

Our current release candidate 042stab133.3 can be found here
http://fe.virtuozzo.com/f42ca6a0c59e6a19b9405ab7ba713689/

Kernel is under testing now.
however if you do not want to wait -- feel free to use it,
we love additional testing and we'll be happy to receive any feedback about its work.

Also we're still waiting for new RHEL6 kernel.
If it will be published until next wednsday 
we'll skip 042stab133.3 and will build and release 042stab134.x kernel instead.

Thank you,
	Vasily Averin

> On 09/26/2018 12:57 PM, José Manuel Giner wrote:
>> We need a patch for OpenVZ kernel
>>
>> A serious security vulnerability has been found within the Linux Kernel nicknamed "Mutagen Astronomy" that affects CentOS, RHEL and possible others. This exploit would allow an attacker to exploit a flaw in any SUID-root binary to easily obtain full root privileges.
>>
>> It is recommended that users take the necessary precautions immediately. RedHat has already released mitigation instructions referenced below.
>>
>> Reference(s):
>> ------------
>>
>> https://access.redhat.com/security/cve/cve-2018-14634
>>
>> https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
>>
>> -- 
>> José Manuel Giner
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>