Vulnerability Found in RHEL 6 and RHEL 7 Based Kernels – Get the Patch Now!
January 19, 2017
Operating system hygiene is critical to maintain not only the stability of your systems, but your business too. Reboots are always a challenge when dealing with mission critical services and sensitive data. When you combine this with the need to achieve high levels of uptime and keeping everything secure, the time to manage it all can add up. Not to mention you face an increased risk of outside threats and attacks.
We’re here to help!
Our ever-vigilant Virtuozzo engineers discovered a security exploit in the Linux kernel (Bug 1284450 - CVE-2015-8539). This exploit allows intruders to crash the host from the host or from the container. This is a flaw in the Linux kernel key management that could let an attacker add additional user privileges or even crash the machine.
Virtuozzo was able to identify this and fix the flaw earlier than others. We have a dedicated engineering team focused on identifying and patching security flaws as soon as they are discovered. That, coupled with rebootless ReadyKernel™ updates that enable zero downtime, gives our customers access to the latest version of their Linux kernel and kernel patches without service interruptions.
This latest vulnerability has been confirmed to affect RHEL 6 (the fix for this is delivered through a normal patch and requires a reboot) and RHEL 7 kernels. We have deployed fixes for both versions of the RHEL operating system, and created a ReadyKernel live-patch for Virtuozzo 7 and CentOS 7 – see the link below.
Some of these updates contain publicly known kernel vulnerabilities and thus are considered as urgent installations.
For Virtuozzo 7 users, you can get it with the latest update via ReadyKernel. Virtuozzo ReadyKernel provides automated kernel patch tools that give users the latest security patches with zero downtime. ReadyKernel uses kpatch technology that applies a patch in seconds and won’t freeze running processes.
View the latest ReadyKernel patches here: https://readykernel.com/.