CloudLinux OS 6/7/8 kernel with the fix for the CVEs (CVE-2021-22555, CVE-2021-33909, and CVE-2020-27170) has been rolled out to 100% and is now available for download from our production repository.
Changelog
kernel-2.6.32-954.3.5.lve1.4.85.el6
- CKSIX-279: CVE-2021-22555: netfilter: x_tables: add missing tables zeroing
- CKSIX-279: CVE-2021-22555: netfilter: x_tables: fix compat match/target pad out-of-bound write
kernel-4.18.0-305.10.2.2.lve.el8.x86_64
- Based on rhel8-305.10.2
- CLKRN-795: CVE-2021-22555: x_tables: fix compat match/target pad out-of-bound write
- CLKRN-726: CVE-2020-27170 bpf: Add sanity check for upper ptr_limit
- CLKRN-726: CVE-2020-27170: bpf: Simplify alu_limit masking for pointer arithmetic
- CLKRN-726: CVE-2020-27170: bpf: Fix off-by-one for area size in creating mask to left
- CLKRN-726: CVE-2020-27170: bpf: Prohibit alu ops for pointer types not defining ptr_limit
kernel-4.18.0-305.10.2.2.lve.el7h.x86_64
- Based on rhel8-305.10.2
- CLKRN-795: CVE-2021-22555: x_tables: fix compat match/target pad out-of-bound write
- CLKRN-726: CVE-2020-27170 bpf: Add sanity check for upper ptr_limit
- CLKRN-726: CVE-2020-27170: bpf: Simplify alu_limit masking for pointer arithmetic
- CLKRN-726: CVE-2020-27170: bpf: Fix off-by-one for area size in creating mask to left
- CLKRN-726: CVE-2020-27170: bpf: Prohibit alu ops for pointer types not defining ptr_limit
kernel-3.10.0-962.3.2.lve1.5.60.el7
- CLKRN-797: CVE-2021-33909: seq_file: disallow extremely large seq buffer allocation
kernel-3.10.0-962.3.2.lve1.5.60.el6h
- CLKRN-797: CVE-2021-33909: seq_file: disallow extremely large seq buffer allocation
Update command
CloudLinux OS 6
yum install kernel-2.6.32-954.3.5.lve1.4.85.el6
CloudLinux OS 8
yum install kernel-4.18.0-305.10.2.2.lve.el8.x86_64
kmod-lve-2.0-35.el8.x86_64
CloudLinux OS 7 hybrid
yum install kernel-4.18.0-305.10.2.2.lve.el7h.x86_64
kmod-lve-2.0-35.el7h.x86_64
CloudLinux OS 7
yum install kernel-3.10.0-962.3.2.lve1.5.60.el7
CloudLinux OS 6 hybrid
yum install kernel-3.10.0-962.3.2.lve1.5.60.el6h