Product security update: Virtuozzo 6.0 Update 12 Hotfix 2 (6.0.12-3658)¶
Issue date: 2017-01-25
Applies to: Virtuozzo 6.0
Virtuozzo advisory ID: VZA-2017-003
The new packages for Virtuozzo 6.0 introducing a security fix.
2. Security Fixes¶
[Moderate] A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected containers based on CentOS 5. (PSBM-58425)