Product security update: Virtuozzo 6.0 Update 12 Hotfix 2 (6.0.12-3658)¶
Issue date: 2017-01-25
Applies to: Virtuozzo 6.0
Virtuozzo advisory ID: VZA-2017-003
1. Overview¶
The new packages for Virtuozzo 6.0 introducing a security fix.
2. Security Fixes¶
[Moderate] A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected containers based on CentOS 5. (PSBM-58425)
3. Installing the Update¶
Install the update by running ‘yum update’.
The JSON file with the list of new and updated packages included in this update is available at http://docs.virtuozzo.com/vza/VZA-2017-003.json.
Dec 12, 2024