Product security update: Virtuozzo 6.0 Update 12 Hotfix 2 (6.0.12-3658)

Issue date: 2017-01-25

Applies to: Virtuozzo 6.0

Virtuozzo advisory ID: VZA-2017-003

1. Overview

The new packages for Virtuozzo 6.0 introducing a security fix.

2. Security Fixes

• [Moderate] A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected containers based on CentOS 5. (PSBM-58425)

3. Installing the Update

Install the update by running ‘yum update’.

The JSON file with the list of new and updated packages included in this update is available in the JSON file.