Product security update: Virtuozzo 6.0 Update 12 Hotfix 2 (6.0.12-3658)

Issue date: 2017-01-25

Applies to: Virtuozzo 6.0

Virtuozzo advisory ID: VZA-2017-003

1. Overview

The new packages for Virtuozzo 6.0 introducing a security fix.

2. Security Fixes

  • [Moderate] A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected containers based on CentOS 5. (PSBM-58425)

3. Installing the Update

Install the update by running ‘yum update’.

The JSON file with the list of new and updated packages included in this update is available at http://docs.virtuozzo.com/vza/VZA-2017-003.json.