readykernel-patch-43.10-48.0-1.vl7

Distribution:
Virtuozzo 7
Kernel Update Version:
3.10.0-693.17.1.vz7.43.10
Release Date:
2018-04-10 10:14:57
  • PSBM-79229

    Live migration of containers failed: it could not create tun device.

    If a container used its own network namespace for tun devices, suspend/resume and live migration of the container would fail with errors like "Can't create tun device".
  • PSBM-81798

    IPv6 routing tables incorrectly handled routing rules for throw routes.

    It was discovered that IPv6 routing tables incorrectly handled routing rules for throw routes. This happened because errors were not propagated properly up to the fib_rules_lookup().
  • PSBM-82766

    Container remained mounted in some cases after 'shutdown -h now' in it.

    It was discovered that incorrect state of a container could be reported in /sys/fs/cgroup/ve/CTID/ve.state in some cases, which confused the user-space tools. As a result, a container could remain mounted after 'shutdown -h now' in it.
  • PSBM-82984

    Potential kernel crash in fs/file.c: out-of-bounds access to the file descriptor table.

  • CVE-2018-1068

    ebtables: out-of-bounds write via userland offsets in ebt_entry struct.

    It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received from the user space. A local user with enough privileges in the user and network namespaces could use that to trigger an out-of-bounds write to the kernel address space.
    https://bugzilla.redhat.com/show_bug.cgi?id=1552048
  • PSBM-81940

    tcache invalidation was broken.

    The fix for a race in tcache inadvertently broke tcache invalidation, leading to kernel warnings in tcache_invalidate_node_pages() among other things.
  • PSBM-81939

    Potential kernel hang (endless loop) in try_charge().