Virtuozzo OnApp 5.5 CloudBoot Security Update
This update addresses the Foreshadow vulnerabilities (CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646) for CentOS 6/7 CloudBoot compute resources. For more information on vulnerabilities refer to Foreshadow Attack Issues doc.
To mitigate the vulnerabilities on KVM CloudBoot compute resources we recommend updating the kernel to one of the following versions:
- for CentOS 6 - kernel 2.6.32-754.3.5.el6.x86_64
- for CentOS 7 - kernel 3.10.0-862.11.6.el7.x86_64
To mitigate the vulnerabilities on Xen CloudBoot compute resources we recommend updating the kernel to one of the following versions:
- for CentOS 6 - kernel 4.9.112-32.el6.x86_64
Use CloudBoot Compute Resources and CloudBoot Backup Server upgrade procedures to install the update. ‘Simple reboot’ and ‘Migrate and Reboot’ options are available.
| Key | Type | Release Notes | Affects Version/s |
|---|---|---|---|
| CLOUDBOOT-305 | Improvement | Updated the kernel version to 2.6.32-754.3.5.el6.x86_64 for CloudBoot CentOS 6 KVM compute resources. | |
| CLOUDBOOT-306 | Improvement | Updated the following components for CloudBoot CentOS 7 KVM compute resources:
| |
| CLOUDBOOT-307 | Improvement | Updated the following components for CloudBoot CentOS 7 KVM compute resources:
| |
| CLOUDBOOT-309 | Improvement | Updated the following components for CloudBoot CentOS 6 Xen compute resources:
| |
| INSTALLER-367 | Fix | Fixed the issue when Xen Dom0 max memory management and the centos-virt-xen repository failed during compute resource update. | All Virtuozzo OnApp versions |
