Product security update: Virtuozzo 7.0 Update 3 Hotfix 2 (7.0.3-640)

Issue date: 2017-03-17

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-018

1. Overview

The new package for Virtuozzo 7.0.3 introducing a security fix.

2. Security Fixes

  • [Moderate] Incorrect checking of locked VM accounts in Virtuozzo SDK allowed one to use any password to log in to a VM with such a locked account via a third-party program using Virtuozzo SDK that was launched on host. Other login methods, e.g., via SSH, were not affected. (PSBM-62160)

3. Installing the Update

Install the update by running ‘yum update’.

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-018.json.