Critical product security update: Virtuozzo 7.0 Update 3 Hotfix 1 (7.0.3-639)

Issue date: 2017-03-06

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-012

1. Overview

The new packages for Virtuozzo 7.0.3 introduce security fixes as well as usability and stability bug fixes.

2. Security Fixes

  • [Critical] A flaw was found in the way prl-vzvncserver parsed terminal escape sequences. It could allow a remote attacker authenticated with the VNC password, or a user logged in to a container as root, to execute arbitrary code as host root. (PSBM-58281)

  • [Moderate] A flaw was found in prl-vzvncserver that could allow a remote attacker authenticated with the VNC password or a user logged in to a container as root to crash prl-vzvncserver by exploiting the way it handled overlapping memory areas. (PSBM-58282)

  • [Moderate] A flaw was found in prl-vzvncserver that could allow a remote attacker authenticated with the VNC password or a user logged in to a container as root to crash prl-vzvncserver by executing a specially crafted command to overwrite a small memory region of the prl-vzvncserver process. (PSBM-58280)

  • [Moderate] A flaw was found in prl-vzvncserver that could allow a remote attacker authenticated with the VNC password or a user logged in to a container as root to crash prl-vzvncserver by executing a specially crafted command to cause allocation of a huge amount of memory. (PSBM-58099)

3. New Features

  • Virtuozzo PowerPanel 2.0 support. Virtuozzo PowerPanel 2.0 is a solution for hosting providers that allows their customers to independently manage purchased virtual environments hosted on Virtuozzo 7 nodes. Install this update on a Virtuozzo 7 node to make its virtual environments manageable via Virtuozzo PowerPanel 2.0.

  • Support for SLES 11 in containers. This update adds container EZ templates for SUSE Linux Enterprise Server 11. For details on additional configuration steps required to create SLES 11 containers, see the Virtuozzo 7 User’s Guide.

4. Bug Fixes

  • The last disk partition was not resized if the resize was performed via prlsdkapi. (PSBM-60527)

  • Reconfiguring the network in the installer could block attended PXE installation. (PSBM-60277)

  • VCMMD could crash due to an error in lookup_qemu_machine_pid(), preventing any virtual environments on the node from being started. (PSBM-60274)

  • Bootloader stages 1 and 2 could be set to different devices in the Virtuozzo 7 installer, which could result in an unbootable installation. (PSBM-60204)

  • Incorrect swap values were reported after ‘vcmmd’ restart for containers with swap set to 0. (PSBM-59952)

  • It was impossible to select MDS IP address in the installer. The latest configured IP address was automatically selected and could not be changed. (PSBM-59837)

  • Containers created from templates would not start. (PSBM-59834)

  • Installer would generate a malformed line for Virtuozzo Storage in /etc/fstab on nodes added to a storage cluster. (PSBM-59306)

  • Shaman could calculate HWIDs differently than vzlicmon and act as if valid licenses were invalid. (PSBM-58995)

  • The ‘pdrsd’ service could crash due to a segmentation fault after attempting to process values of incorrect length. (PSBM-58930)

  • Live migration of a virtual environment would fail if websocket was in use on the destination node. (PSBM-57556)

  • CPU features were stored in VM config at time of creation and never refreshed. This could impede migration to hosts with different CPUs at a later time. Now CPU features are reset on registration as well. (PSBM-56479)

  • It was impossible to create incremental backups of containers from Virtuozzo 6 to Virtuozzo 7 hosts. (PSBM-54345)

  • Virtuozzo Storage ‘rm-cs’ did not remove corresponding ‘systemd’ targets during CS removal. (PSBM-52338)

5. Installing the Update

Install the update by running ‘yum update’.

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-012.json.