Production: CloudLinux 6 kernel with the fix for the Zombieload2 vulnerabilities is available

CloudLinux 6 kernel with the fix for the Zombieload2 vulnerabilities is now available for download from our production repository.

To get ongoing information related to the Zombieload2 vulnerabilities, follow our KernelCare blog.

To secure your CloudLinux 6 servers, you should proceed as we did with the previous MDS vulnerability: update microcode along with the kernel update.

For CloudLinux 6, run the command:

yum upgrade -y microcode_ctl && yum install kernel-2.6.32-954.3.5.lve1.4.75.el6
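
A check to run once the server has booted into the new kernel, as an added example that is not CloudLinux code: it confirms the running kernel matches the version installed by the command above and reads the TSX Async Abort sysfs entry that the changelog lists. The sysfs path is assumed to be the upstream kernel location, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not CloudLinux tooling. Run after booting the new kernel.
EXPECTED_KERNEL="2.6.32-954.3.5.lve1.4.75.el6"   # version from the yum command above
# Assumption: upstream sysfs location for CPU vulnerability reporting.
VULN_DIR="/sys/devices/system/cpu/vulnerabilities"

# kernel_matches RELEASE: uname -r appends the architecture, so match by prefix.
kernel_matches() {
    case "$1" in
        "$EXPECTED_KERNEL"*) return 0 ;;
        *) return 1 ;;
    esac
}

# taa_state DIR: print OK, NO_MICROCODE, VULNERABLE or MISSING for tsx_async_abort.
taa_state() {
    taa_file="$1/tsx_async_abort"
    if [ ! -r "$taa_file" ]; then echo "MISSING"; return 0; fi
    taa_line=""
    read -r taa_line < "$taa_file" || true
    case "$taa_line" in
        "")                         echo "MISSING" ;;       # empty file: nothing reported
        Vulnerable*"no microcode"*) echo "NO_MICROCODE" ;;  # kernel updated, microcode not
        Vulnerable*)                echo "VULNERABLE" ;;
        *)                          echo "OK" ;;            # "Mitigation: ..." or "Not affected"
    esac
}

# check_host RELEASE [DIR]: return 0 only if the expected kernel is running
# and TSX Async Abort is not reported as vulnerable.
check_host() {
    chk_rc=0
    if ! kernel_matches "$1"; then
        echo "kernel: running $1, expected $EXPECTED_KERNEL (not rebooted yet?)"
        chk_rc=1
    fi
    chk_state=$(taa_state "${2:-$VULN_DIR}")
    echo "tsx_async_abort: $chk_state"
    [ "$chk_state" = "OK" ] || chk_rc=1
    return $chk_rc
}

# Run against the live host only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    if check_host "$(uname -r)"; then echo "PASS"; else echo "FAIL"; exit 1; fi
fi
```

A `NO_MICROCODE` result means the kernel was updated but the `microcode_ctl` upgrade has not taken effect, which is the case the combined command is meant to avoid.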

Changelog

  • CKSIX-244: CVE-2018-12207
    • CKSIX-244: x86/bugs: Add ITLB_MULTIHIT bug infrastructure
  • CKSIX-244: CVE-2019-11135
    • x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    • x86/speculation/taa: Add mitigation for TSX Async Abort
    • x86/cpu: Add the "tsx=" cmdline option with TSX disabled by default
    • x86/cpu: Add the helper function x86_read_arch_cap_msr()
    • x86/msr: Add the IA32_TSX_CTRL MSR
    • x86/boot: Add early cmdline parsing for options with arguments
    • x86/boot: Pass in size to early cmdline parsing
    • x86/boot: Simplify early command line parsing
    • x86/boot: Fix early command line parsing when partial word matches
    • x86/boot: Fix early command line parsing when matching at end
    • x86/boot: Carve out early cmdline parsing function
  • CKSIX-243: Make io stats available for reading
