Production: CloudLinux 7 and CloudLinux 6 Hybrid kernel with the fix for the Zombieload2 vulnerabilities is available
CloudLinux 7 and CloudLinux 6 Hybrid kernel with the fix for the Zombieload2 vulnerabilities is now available for download from our production repository.To get ongoing information related to the Zombieload2 vulnerabilities, follow our KernelCare blog.
Update
To secure your CloudLinux 7 and CloudLinux 6 hybrid servers, you should proceed as we did with the previous MDS vulnerability: update microcode along with the kernel update.
For CloudLinux 7, run the command:
yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el7 |
For CloudLinux 6 Hybrid, run the command:
yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el6h |
Changelog
- CLKRN-542: fix CVE-2019–0155, CVE-2019–0154, CVE-2019-11135, CVE-2018–12207
- CLKRN-539: CVE-2019-15098: ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
- CLKRN-539: x86/speculation/mds: apply more accurate check on the hypervisor platform
- CLKRN-539: hpet: fix division by zero in hpet_time_div()
- CLKRN-539: sched/numa: Move task_numa_free() to __put_task_struct()
- CLKRN-539: sched/fair: Don't free p->numa_faults with concurrent readers
- CLKRN-539: tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
- CLKRN-539: tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
- CLKRN-539: sched/fair: don't assign runtime for throttled cfs_rq
- CLKRN-539: signal/pid_namespace: fix reboot_pid_ns to use send_sig not force_sig
- CLKRN-539: crypto: talitos - check AES key size
- CLKRN-539: crypto: ghas - fix unaligned memory access in ghash_setkey()
- CLKRN-539: x86/ptrace: fix possible spectre-v1 in ptrace_get_debugreg()
- KMODLVE-292: preserve task's original umask when entering LVE