Product update: Virtuozzo 6.0 Update 12 Hotfix 41 (6.0.12-3741)

Issue date: 2019-05-20

Applies to: Virtuozzo 6.0

Virtuozzo Advisory ID: VZA-2019-040

1. Overview

This update provides hypervisor-related fixes for the Microarchitectural Store Buffer Data (MDS) vulnerability as well as a stability fix.

2. Security Fixes

• [Important] The Microarchitectural Store Buffer Data (MDS) is a series of hardware vulnerabilities which allow speculative execution attacks on Intel processors. A malicious application or guest virtual machine can use this flaw to gain access to data stored in internal CPU buffers, bypassing security restrictions. (PSBM-94407)

3. Bug Fixes

• Guest tools installation could fail on Ubuntu with 4.4.0-145 kernel due to an issue in get_user_pages. (PSBM-93867)

4. Installing the Update

Install the update by running ‘yum update’. If you use CPU pools, additional actions are required to mitigate the MDS vulnerability: for a custom CPU pool, run ‘cpupools recalc ‘; if you use the default CPU pool, move your nodes to a custom CPU pool as described in chapter 9 of the Virtuozzo User’s Guide.

5. References

• https://access.redhat.com/security/vulnerabilities/mds

The JSON file with the list of new and updated packages is available at JSON file.