Product update: Virtuozzo Infrastructure Platform 2.5 Update 7 (2.5.0-1650)¶
Issue date: 2019-05-22
Applies to: Virtuozzo Infrastructure Platform 2.5
Virtuozzo Advisory ID: VZA-2019-041
1. Overview¶
This update mitigates the Microarchitectural Store Buffer Data (MDS) vulnerability and provides a performance bug fix.
2. Security Fixes¶
[Important] The Microarchitectural Store Buffer Data (MDS) is a series of hardware vulnerabilities which allow speculative execution attacks on Intel processors. A malicious application or guest virtual machine can use this flaw to gain access to data stored in internal CPU buffers, bypassing security restrictions. For more details, visit the Virtuozzo Blog. (VSTOR-23200)
3. Bug Fixes¶
Performance improvement comparing to previous updates. (VSTOR-22963)
4. Installing the Update¶
You can update Virtuozzo Infrastructure Platform in the SETTINGS > UPDATE section of the admin panel. A reboot is required to complete the update. Updated nodes will be rebooted automatically, one at a time. During the reboot, the storage service might be unavailable on cluster configurations without the redundancy of services or data.
5. References¶
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-041.json.