Important product security update: Virtuozzo 6.0 Update 12 Hotfix 49 (6.0.12-3754)

Issue date: 2019-12-06

Applies to: Virtuozzo 6.0

Virtuozzo Advisory ID: VZA-2019-093

1. Overview

This update provides a security and a stability fix.

2. Security Fixes

  • [Important] libVNCServer-0.9.10 contains a memory leak in VNC server code, which may allow an attacker to read stack memory. (CVE-2019-15681, PSBM-99817)

3. Bug Fixes

  • prl_vzvncserver_app could generate 100% CPU core load, preventing access to VNC console. (PSBM-97140)

4. Installing the Update

Install the update by running ‘yum update’.

The JSON file with the list of new and updated packages is available at https://docs.virtuozzo.com/vza/VZA-2019-093.json.