Virtuozzo OnApp Control Panel Security Update
This update addresses a vulnerability in Virtuozzo OnApp Control Panel versions 5.0 and 5.5. For more details, refer to the General Security Advisory.
The vulnerability could be exploited in some Virtuozzo OnApp transactions and, under certain conditions, allow an attacker to run arbitrary commands with root privileges on other Xen or KVM virtual servers within the same Virtuozzo OnApp cloud.
To mitigate the vulnerability on Virtuozzo OnApp Control Panels managing Xen/KVM compute resources, please upgrade the Control Panel following the instructions below:
Virtuozzo OnApp 5.0
- If you are not running the latest version, 5.0.0-87, proceed to the Virtuozzo OnApp Control Panel full upgrade procedure.
- For version 5.0.0-87, use the following procedure to upgrade your Control Panel:
Stop monit, onapp, and httpd services.
Run the command:
# yum update onapp-cp
Start monit, onapp, and httpd services.
Virtuozzo OnApp 5.5
- If you are not running the latest version, 5.5.0-92, proceed to the Virtuozzo OnApp Control Panel full upgrade procedure.
- For version 5.5.0-92, use the following procedure to upgrade your Control Panel:
Stop monit, onapp, and httpd services.
Run the command:
# yum update onapp-cp
Start monit, onapp, and httpd services.
For Virtuozzo OnApp versions prior to 5.0, we highly recommend updating to a supported release as soon as possible. Please contact your account manager or Virtuozzo OnApp support to discuss your options.
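The version decision in this advisory, written as a shell function for checking several Control Panels in one pass. This is an added example, not Virtuozzo code; the function name, the result labels, and the MAJOR.MINOR.PATCH-BUILD input format (taken from the "5.0.0-87" and "5.5.0-92" strings above) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): map an installed onapp-cp version string
# to the path this advisory prescribes.
# Assumed input format: MAJOR.MINOR.PATCH-BUILD, e.g. "5.0.0-87".
# One way to obtain it on the Control Panel (assumes RELEASE has no dist suffix):
#   rpm -q --queryformat '%{VERSION}-%{RELEASE}' onapp-cp
#
# Prints one of:
#   quick-update     exactly 5.0.0-87 or 5.5.0-92: stop services, yum update onapp-cp, start services
#   full-upgrade     any other 5.0.x / 5.5.x build: follow the full upgrade procedure
#   contact-support  anything prior to 5.0
#   not-covered      a version this advisory does not mention
#   invalid          input is not in the assumed format (exit status 1)
advisory_path() {
    v=$1
    case $v in
        ''|*[!0-9.-]*) echo invalid; return 1 ;;   # only digits, dots, hyphen allowed
        [0-9]*.[0-9]*-[0-9]*) ;;                   # minimal shape check
        *) echo invalid; return 1 ;;
    esac

    base=${v%-*}          # "5.0.0-87" -> "5.0.0"
    major=${base%%.*}     # "5"
    rest=${base#*.}       # "0.0"
    minor=${rest%%.*}     # "0"

    if [ "$major" -lt 5 ]; then
        echo contact-support
        return 0
    fi

    case "$major.$minor" in
        5.0) if [ "$v" = "5.0.0-87" ]; then echo quick-update; else echo full-upgrade; fi ;;
        5.5) if [ "$v" = "5.5.0-92" ]; then echo quick-update; else echo full-upgrade; fi ;;
        *)   echo not-covered ;;
    esac
}
```

A string with a dist tag or other letters is reported as invalid rather than guessed at, so a malformed inventory entry does not silently fall into the quick-update path.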