Product update: Virtuozzo 7.0 Update 10 Hotfix 1 (7.0.10-320)
Issue date: 2019-05-18
Applies to: Virtuozzo 7.0
Virtuozzo Advisory ID: VZA-2019-039
Hotfix 1 for Virtuozzo 7.0.10 mitigates the Microarchitectural Store Buffer Data (MDS) vulnerability and provides stability and usability bug fixes.
2. Security Fixes
[Important] The Microarchitectural Store Buffer Data (MDS) is a series of hardware vulnerabilities which allow speculative execution attacks on Intel processors. A malicious application or guest virtual machine can use this flaw to gain access to data stored in internal CPU buffers, bypassing security restrictions. For more details, visit the Virtuozzo Blog. (PSBM-94407)
3. Bug Fixes
VM might not be resumed after live migration to a host with insufficient CPU features. (PSBM-93848)
prl_disk_tool compact could fail to work with an error in get_discard_granularity. (PSBM-94168)
Temporary disk snapshots could remain unmerged after live-migrating a VM located on shared storage. (PSBM-94264)
pcompact/trim could fail to work for container disks located on shared storage with an error in get_discard_granularity. (PSBM-94425)
4. Installing the Update
Install the update by running ‘yum update’ and rebooting the host. If you use CPU pools, additional actions are required to mitigate the MDS vulnerability: for a custom CPU pool, run ‘cpupools recalc’; if you use the default CPU pool, move your nodes to a custom CPU pool as described in section 8.6.1 of the Virtuozzo User’s Guide.
The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-039.json.
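After the update and reboot, the kernel's own MDS report can be checked on each host. The script below is an added example, not part of the Virtuozzo advisory: it assumes the updated kernel exposes the upstream Linux sysfs file /sys/devices/system/cpu/vulnerabilities/mds and the md_clear CPU flag, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status after 'yum update' + reboot.
# Assumption: the kernel reports MDS in the upstream Linux hw-vuln sysfs format.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> prints not_affected | mitigated | mitigated_smt_exposed
#                               | no_microcode | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        # Kernel tries to clear buffers, but microcode lacks the MD_CLEAR support.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo no_microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active; sibling hyperthreads may still share buffers.
            case "$1" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*) echo mitigated_smt_exposed ;;
                *) echo mitigated ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# has_md_clear CPUINFO_TEXT -> exit 0 if the md_clear flag is listed in a flags line.
has_md_clear() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.* md_clear( |$)'
}

# check_host: exit 0 if fully mitigated, 1 if follow-up is needed, 2 if no report.
check_host() {
    if [ ! -r "$MDS_SYSFS" ]; then
        echo "unknown: $MDS_SYSFS not readable (kernel without MDS reporting?)"
        return 2
    fi
    status=$(cat "$MDS_SYSFS")
    verdict=$(classify_mds "$status")
    echo "$verdict: $status"
    if ! has_md_clear "$(cat /proc/cpuinfo)"; then
        echo "note: md_clear flag absent from /proc/cpuinfo"
    fi
    case "$verdict" in
        not_affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the host check only when asked, so the functions can be sourced and reused.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with --check on each node; a mitigated_smt_exposed result means buffer clearing is active but SMT is still enabled and should be reviewed against your tenant isolation requirements.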