Forum
  1. Forums
  2. KernelCare
  3. KernelCare General Discussion
  1. Scott Mutter
  2. Monday, November 27, 2017
  3.  Subscribe via email
OpenVZ released 2.6.32-042stab126.1 on November 21. The Kernelcare kernel for OpenVZ is still at 2.6.32-042stab125.5. Are there any plans to update this to 2.6.32-042stab126.1?
Rate this post:
  1. 28.11.2017 09:11:23
  2. # 1
Irina Accepted Answer
Posts: 4
Joined: 05.10.2017
0
Votes
Undo
Hello!

We have faced some issues while testing this stab. Now it is resolved, so you can check for update Nov 28.:)

Regards,
  1. 28.11.2017 15:11:06
  2. # 2
Bartosz Kwitniewski Accepted Answer
Posts: 0
Joined: 18.01.2018
0
Votes
Undo
Will this patch include fix for CVE-2017-16939? It is not listed in fixes for 2.6.32-042stab126.1 (https://openvz.org/Download/kernel/rhel6/042stab126.1). It has been 5 days since anyone could kill OpenVZ host from within container using CVE-2017-16939 (see attachment). ;(
Attachments (1)
  1. 30.11.2017 02:11:48
  2. # 3
Bartosz Kwitniewski Accepted Answer
Posts: 0
Joined: 18.01.2018
0
Votes
Undo
Also CVE-2017-16994 and CVE-2017-1000405, security researchers were busy lately. :o It would be nice to have some sort of status page with CVEs that are being worked on and which ones were fixed.
  1. 01.12.2017 11:12:41
  2. # 4
Irina Accepted Answer
Posts: 4
Joined: 05.10.2017
0
Votes
Undo
Also CVE-2017-16994 and CVE-2017-1000405, security researchers were busy lately. :o It would be nice to have some sort of status page with CVEs that are being worked on and which ones were fixed.


Hello!
Thank you for your suggestion. We are planning to add such system next year.
  1. 27.12.2017 14:12:32
  2. # 5
Bartosz Kwitniewski Accepted Answer
Posts: 0
Joined: 18.01.2018
0
Votes
Undo
Over a month has passed and I'm still able to crash OpenVZ host from within user container using CVE-2017-16939. This vulnerability has CVSS v3 Base Score 7.8 (High). Is there any reason that it has not been fixed yet?

kpatch-state: patch is applied
kpatch-for: Linux version 2.6.32-042stab125.5 ([email protected]) (gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) ) #1 SMP Tue Oct 17 12:48:22 MSK 2017
kpatch-build-time: Thu Dec 14 11:29:28 2017
kpatch-description: 5-;2.6.32-042stab126.2

P.S.
It says that my account on the forum has been blocked, I don't know why.
  1. 02.01.2018 10:01:28
  2. # 6
Igor Ghertesco Accepted Answer
Posts: 78
Joined: 07.08.2015
0
Votes
Undo
Hello,

Could you please submit a ticket to https://cloudlinux.zendesk.com/hc/en-us/requests/new (KernelCare department)? We will take a closer look
  1. 10.01.2018 09:01:30
  2. # 7
Bartosz Kwitniewski Accepted Answer
Posts: 0
Joined: 18.01.2018
0
Votes
Undo
Submitted as 23262 - it looks like it was assumed, that OpenVZ kernel for CentOS 6 was not vulnerable. I guess it will be fixed after intel bug.
  1. 11.01.2018 19:01:44
  2. # 8
Vladimir Accepted Answer
Posts: 45
Joined: 04.07.2017
0
Votes
Undo
Hello,

Thank you for your reply. This task is under investigation.
We'll update you as soon as we have more information.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.