CloudLinux OS Blog - We stopped the second Zombieload invasion
CloudLinux OS Blog

Featured 

We stopped the second Zombieload invasion

b2ap3_large_mds2

The latest set of Intel CPU vulnerabilities, called Zombieload2, has been addressed by us here at CloudLinux. Our KernelCare service has already started delivering patches for it, ensuring that your servers are protected against it.

And I’m here to announce that CloudLinux 7 and CloudLinux 6 Hybrid kernel with the fix for the Zombieload2 vulnerabilities is now available for download from our updates-testing repository.

To get ongoing information related to the Zombieload2 vulnerabilities, follow our KernelCare blog.

Update

To secure your CloudLinux 7 and CloudLinux 6 hybrid servers, you should proceed as we did with the previous MSD vulnerability: update microcode along with the kernel update.

For CloudLinux 7, run the command:

yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el7 --enablerepo=cloudlinux-updates-testing

For CloudLinux 6 Hybrid, run the command:

yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el6h --enablerepo=cloudlinux-hybrid-testing

Changelog

  • CLKRN-542: fix CVE-2019–0155, CVE-2019–0154, CVE-2019-11135, CVE-2018–12207
  • CLKRN-539: CVE-2019-15098: ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
  • CLKRN-539: x86/speculation/mds: apply more accurate check on the hypervisor platform
  • CLKRN-539: hpet: fix division by zero in hpet_time_div()
  • CLKRN-539: sched/numa: Move task_numa_free() to __put_task_struct()
  • CLKRN-539: sched/fair: Don't free p->numa_faults with concurrent readers
  • CLKRN-539: tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
  • CLKRN-539: tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
  • CLKRN-539: sched/fair: don't assign runtime for throttled cfs_rq
  • CLKRN-539: signal/pid_namespace: fix reboot_pid_ns to use send_sig not force_sig
  • CLKRN-539: crypto: talitos - check AES key size
  • CLKRN-539: crypto: ghas - fix unaligned memory access in ghash_setkey()
  • CLKRN-539: x86/ptrace: fix possible spectre-v1 in ptrace_get_debugreg()
  • KMODLVE-292: preserve task's original umask when entering LVE
Kernel and kernel module for CloudLinux 7 hybrid u...
Beta: Alt-PHP74 updated
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 10 December 2019

Captcha Image