And I’m here to announce that CloudLinux 7 and CloudLinux 6 Hybrid kernel with the fix for the Zombieload2 vulnerabilities is now available for download from our updates-testing repository.

To get ongoing information related to the Zombieload2 vulnerabilities, follow our KernelCare blog.

Update

To secure your CloudLinux 7 and CloudLinux 6 hybrid servers, you should proceed as we did with the previous MSD vulnerability: update microcode along with the kernel update.

For CloudLinux 7, run the command:

yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el7 --enablerepo=cloudlinux-updates-testing

Hybrid, run the command:

yum upgrade -y microcode_ctl && yum install kernel-3.10.0-962.3.2.lve1.5.27.el6h --enablerepo=cloudlinux-hybrid-testing

Changelog

• CLKRN-542: fix CVE-2019–0155, CVE-2019–0154, CVE-2019-11135, CVE-2018–12207
• CLKRN-539: CVE-2019-15098: ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
• CLKRN-539: x86/speculation/mds: apply more accurate check on the hypervisor platform
• CLKRN-539: hpet: fix division by zero in hpet_time_div()
• CLKRN-539: sched/numa: Move task_numa_free() to __put_task_struct()
• CLKRN-539: sched/fair: Don't free p->numa_faults with concurrent readers
• CLKRN-539: tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
• CLKRN-539: tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
• CLKRN-539: sched/fair: don't assign runtime for throttled cfs_rq
• CLKRN-539: signal/pid_namespace: fix reboot_pid_ns to use send_sig not force_sig
• CLKRN-539: crypto: talitos - check AES key size
• CLKRN-539: crypto: ghas - fix unaligned memory access in ghash_setkey()
• CLKRN-539: x86/ptrace: fix possible spectre-v1 in ptrace_get_debugreg()
• KMODLVE-292: preserve task's original umask when entering LVE