Important product update: Virtuozzo PowerPanel RTM Hotfix 3 (7.0.1-415)

Issue date: 2017-09-20

Applies to: Virtuozzo PowerPanel

Virtuozzo Advisory ID: VZA-2017-081

1. Overview

The new packages for Virtuozzo PowerPanel introducing new features as well as security and usability fixes.

2. Security Fixes

• [Important] Disabled SSLv3 access to the management panel to protect against the POODLE SSLv3 vulnerability. (CVE-2014-3566, PP-427)

3. New Features

• Added possibility to redeploy controller in place with different certificates and hostname. (PP-412, PP-414)
• Deployment script can now process intermediate certificates specified with one or more ‘–ssl-intermediate-cert’ parameters. (PP-429)

4. Bug Fixes

• Clarified backup management in documentation. (PP-352)
• Containers could become unmanageable after hot migration. (PP-362)
• The ‘Change password’ dialog with new login details disappeared on mouse click in Firefox. (PP-369)
• Running VMs could be shown as invalid in PowerPanel after vzapi attempted to process a VM with too many IP addresses assigned. (PP-409)
• Deployment script could not handle passwords containing the at sign. (PP-428)
• Described more local users management commands in documentation. (PP-448)

5. Installing the Update

Install the update by running ‘yum update vzapi-installer && vzapi-installer upgrade’.

6. References

• https://access.redhat.com/security/cve/CVE-2014-3566

The JSON file with the list of new and updated packages is available at JSON file.