Product update: Virtuozzo 7.0 Update 5 Hotfix 3 (7.0.5-646)

Issue date: 2017-09-28

Applies to: Virtuozzo 7.0

Virtuozzo Advisory ID: VZA-2017-087

1. Overview

The Hotfix 3 for Virtuozzo 7.0 Update 5 provides security and stability bug fixes.

2. Security Fixes

  • [Low] QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. (CVE-2017-13672, PSBM-72398)

3. New Features

  • Online compacting can now be enabled manually. Online compacting of virtual machines on Virtuozzo Storage in the replication mode allows reclaiming disk space no longer occupied by data by means of the FALLOC_FL_PUNCH_HOLE flag. To enable online compacting, update all chunk servers on all nodes, restart the affected nodes, and run the ‘vstorage set-config “gen.do_punch_hole=1”’ command. For more information, see the Virtuozzo Storage Administrator’s Command Line Guide.

4. Bug Fixes

  • On PACI with Virtuozzo Storage, migrating a container by cloning it to a specified directory on a remote host would place the clone in a directory named after original container’s UUID instead of the specified path. (PSBM-72419)

5. Installing the Update

Install the update by running ‘yum update’.

6. References

The JSON file with the list of new and updated packages is available at http://docs.virtuozzo.com/vza/VZA-2017-087.json.