readykernel-patch-40.4-43.0-1.vl7

Distribution:
Virtuozzo 7
Kernel Update Version:
3.10.0-693.11.6.vz7.40.4
Release Date:
2018-02-02 12:08:48
  • PSBM-81033

    Docker v17.11 and newer failed to start in a container.

    Starting from v17.11, Docker checks is all cgroups are mounted and refuses to start if some cgroups are not. Some of Virtuozzo-specific cgroups were visible in the containers and were not mounted there, which prevented Docker from starting properly.
  • PSBM-81090

    Kernel crash in mem_cgroup_iter().

  • PSBM-80839

    Potential denial of service due to extensive memory consumption.

    It was discovered that some operations with files in a container could lead to denial of service on the host due to extensive memory consumption.
  • CVE-2018-5344

    loop: potential data race between open() and release() leading to use-after-free.

    It was found that release() operation for the loop devices has insufficient protection for the device structures against the accesses from the concurrent open() operations. A local attacker can use specially arranged concurrent operations with a loop device to cause a denial of service (kernel crash due to a use-after-free error).
    https://bugzilla.redhat.com/show_bug.cgi?id=1533909
  • CVE-2017-18017

    netfilter: Use-after-free in tcpmss_mangle_packet().

    If the system uses iptables and there are iptables rules with TCPMSS action there, a remote attacker may cause a denial of service (use-after-free in tcpmss_mangle_packet function leading to memory corruption) or possibly have unspecified other impact by sending specially crafted network packets.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18017