Product security update: Virtuozzo 7.0 Update 3 Hotfix 2 (7.0.3-640)¶
Issue date: 2017-03-17
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2017-018
1. Overview¶
The new package for Virtuozzo 7.0.3 introducing a security fix.
2. Security Fixes¶
[Moderate] Incorrect checking of locked VM accounts in Virtuozzo SDK allowed one to use any password to log in to a VM with such a locked account via a third-party program using Virtuozzo SDK that was launched on host. Other login methods, e.g., via SSH, were not affected. (PSBM-62160)
3. Installing the Update¶
Install the update by running ‘yum update’.
The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-018.json.
Dec 02, 2024