Issue date: 2017-01-25
Affected products: Virtuozzo 6.0
Virtuozzo advisory ID: VZA-2017-003
The new packages for Virtuozzo 6.0 introducing a security fix.
2. Security Fixes
- [Moderate] A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected containers based on CentOS 5. (PSBM-58425)
3. Installing the Update
Install the update by running 'yum update'.
The JSON file with the list of new and updated packages included in this update is available at http://docs.virtuozzo.com/vza/VZA-2017-003.json.