We stopped the second Zombieload invasion

The latest set of Intel CPU vulnerabilities, called Zombieload2, has been addressed by us here at CloudLinux. Our KernelCare service has already started delivering patches for it, ensuring that your servers are protected against it.

And I’m here to announce that the CloudLinux 7 and CloudLinux 6 Hybrid kernels with the fix for the Zombieload2 vulnerabilities are now available for download from our updates-testing repository.

To get ongoing information related to the Zombieload2 vulnerabilities, follow our KernelCare blog.

Update

To secure your CloudLinux 7 and CloudLinux 6 Hybrid servers, you should proceed as we did with the previous MDS vulnerability: update the microcode along with the kernel.

For CloudLinux 7, run the command:

yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el7 --enablerepo=cloudlinux-updates-testing

For CloudLinux 6 Hybrid, run the command:

yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el6h --enablerepo=cloudlinux-hybrid-testing
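
A post-update check, added here as an example and not CloudLinux's own tooling: it reads the kernel's sysfs status for these issues and flags the case where the kernel is patched but the microcode is not. The sysfs entry names and status strings are those of the upstream Linux kernel; that this CloudLinux kernel exposes them is an assumption.

```shell
#!/bin/sh
# Added example, not CloudLinux code. Assumes the updated kernel exposes the
# upstream Linux sysfs entries named below.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities
# mds = earlier MDS issue, tsx_async_abort = CVE-2019-11135,
# itlb_multihit = CVE-2018-12207
ENTRIES="mds tsx_async_abort itlb_multihit"

# classify_status TEXT: map one sysfs status line to a verdict word.
classify_status() {
    case "$1" in
        "Not affected"*)    echo OK ;;
        *"no microcode"*)   echo NO_MICROCODE ;;  # kernel patched, microcode not
        Vulnerable*|"KVM: Vulnerable"*|"Processor vulnerable"*) echo VULNERABLE ;;
        *"SMT vulnerable"*) echo SMT_EXPOSED ;;   # mitigation on, SMT still exposed
        Mitigation*|"KVM: Mitigation"*) echo MITIGATED ;;
        *)                  echo UNKNOWN ;;
    esac
}

# check_vulns [DIR]: report each entry; return 1 if any needs attention.
check_vulns() {
    dir=${1:-$VULN_DIR}
    failed=0
    for name in $ENTRIES; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            verdict=$(classify_status "$status")
        else
            status="(entry absent: kernel does not report this issue)"
            verdict=MISSING
        fi
        printf '%-16s %-13s %s\n' "$name" "$verdict" "$status"
        case "$verdict" in OK|MITIGATED) ;; *) failed=1 ;; esac
    done
    return "$failed"
}

# Constructed sample (not from a real host): new kernel booted, old microcode.
sample=$(mktemp -d)
echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$sample/mds"
echo 'Vulnerable: Clear CPU buffers attempted, no microcode' > "$sample/tsx_async_abort"
echo 'KVM: Mitigation: Split huge pages' > "$sample/itlb_multihit"
check_vulns "$sample" || echo "action needed: see verdicts above"
rm -rf "$sample"
```

On a real host, call `check_vulns` with no argument after rebooting into the updated kernel.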

Changelog

  • CLKRN-542: fix CVE-2019-0155, CVE-2019-0154, CVE-2019-11135, CVE-2018-12207
  • CLKRN-539: CVE-2019-15098: ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
  • CLKRN-539: x86/speculation/mds: apply more accurate check on the hypervisor platform
  • CLKRN-539: hpet: fix division by zero in hpet_time_div()
  • CLKRN-539: sched/numa: Move task_numa_free() to __put_task_struct()
  • CLKRN-539: sched/fair: Don't free p->numa_faults with concurrent readers
  • CLKRN-539: tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
  • CLKRN-539: tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
  • CLKRN-539: sched/fair: don't assign runtime for throttled cfs_rq
  • CLKRN-539: signal/pid_namespace: fix reboot_pid_ns to use send_sig not force_sig
  • CLKRN-539: crypto: talitos - check AES key size
  • CLKRN-539: crypto: ghash - fix unaligned memory access in ghash_setkey()
  • CLKRN-539: x86/ptrace: fix possible spectre-v1 in ptrace_get_debugreg()
  • KMODLVE-292: preserve task's original umask when entering LVE
