Critical product update: Virtuozzo Automator 7.0 Update 2 Hotfix 6 (VA MN: 7.0.2-612, VA Agent: 7.0.2-326)

2018-10-03T00:00:00

Description

This hotfix for Virtuozzo Automator 7.0.2 provides security and stability fixes. **Vulnerability id:** CWE-79, PVA-37373 The software did not neutralize or incorrectly neutralized user-controllable input before it was placed in output that was used as a web page that was served to other users. **Vulnerability id:** CWE-269, PVA-37374 The software did not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Package

OS	OS Version	Package Name	Package Version
Virtuozzo Automator	7.0	va-cc-mn	7.2.4-27.va7
Virtuozzo Automator	7.0	va-mn-core	7.2.46-1.va7
Virtuozzo Automator	7.0	va-mn-release	7.2.0-6.va7
Virtuozzo Automator	7.0	libvzlic-devel	7.0.41-1.vz7
Virtuozzo Automator	7.0	va-agent-swamon	7.2.2-19.va7
Virtuozzo Automator	7.0	va-agent-core	7.2.46-1.va7
Virtuozzo Automator	7.0	va-agent-core-devel	7.2.46-1.va7
Virtuozzo Automator	7.0	va-cc-engine	7.2.9-3.va7
Virtuozzo Automator	7.0	va-agent-vzagroup	7.2.4-38.va7
Virtuozzo Automator	7.0	va-mn	7.2.11-7.va7
Virtuozzo Automator	7.0	va-agent-controls	7.2.4-38.va7
Virtuozzo Automator	7.0	va-cc-httpd	7.2.10-25.va7
Virtuozzo Automator	7.0	va-agent-ct	7.2.28-11.va7
Virtuozzo Automator	7.0	va-mn-swamon	7.2.2-19.va7
Virtuozzo Automator	7.0	va-mn-devel	7.2.11-7.va7
Virtuozzo Automator	7.0	va-mn-vzagroup	7.2.4-37.va7
Virtuozzo Automator	7.0	va-agent-vm	7.2.21-7.va7
Virtuozzo Automator	7.0	va-agent-controls-devel	7.2.4-38.va7
Virtuozzo Automator	7.0	va-mn-controls	7.2.4-37.va7
Virtuozzo Automator	7.0	va-pp-httpd	7.2.10-25.va7
Virtuozzo Automator	7.0	va-mn-core-devel	7.2.46-1.va7
Virtuozzo Automator	7.0	va-cc-ct	7.2.30-1.va7
Virtuozzo Automator	7.0	va-cc-core	7.2.76-1.va7
Virtuozzo Automator	7.0	libvzlic	7.0.41-1.vz7
Virtuozzo Automator	7.0	va-docs	7.2.21-1.va7
Virtuozzo Automator	7.0	va-mn-controls-devel	7.2.4-37.va7
Virtuozzo Automator	7.0	vzlicutils	7.0.50-4.vz7
Virtuozzo Automator	7.0	va-cc-vm	7.2.44-1.va7
Virtuozzo Automator	7.0	va-agent-storage	7.2.6-34.va7
Virtuozzo Automator	7.0	va-agent-vm-devel	7.2.21-7.va7
Virtuozzo Automator	7.0	va-agent-ct-devel	7.2.28-11.va7

{"id": "VZA-2018-073", "vendorId": null, "type": "virtuozzo", "bulletinFamily": "unix", "title": "Critical product update: Virtuozzo Automator 7.0 Update 2 Hotfix 6 (VA MN: 7.0.2-612, VA Agent: 7.0.2-326)", "description": "This hotfix for Virtuozzo Automator 7.0.2 provides security and stability fixes.\n**Vulnerability id:** CWE-79, PVA-37373\nThe software did not neutralize or incorrectly neutralized user-controllable input before it was placed in output that was used as a web page that was served to other users.\n\n**Vulnerability id:** CWE-269, PVA-37374\nThe software did not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.\n\n", "published": "2018-10-03T00:00:00", "modified": "2018-10-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://help.virtuozzo.com/s/article/VZA-2018-073", "reporter": "Virtuozzo", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2019-11-05T11:28:08", "viewCount": 9, "enchantments": {"dependencies": {}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 2.4}, "affectedPackage": [{"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-cc-mn-7.2.4-27.va7.x86_64.rpm", "packageName": "va-cc-mn", "packageVersion": "7.2.4-27.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-core-7.2.46-1.va7.x86_64.rpm", "packageName": "va-mn-core", "packageVersion": "7.2.46-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "noarch", "operator": "lt", "packageFilename": "va-mn-release-7.2.0-6.va7.noarch.rpm", "packageName": "va-mn-release", "packageVersion": "7.2.0-6.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "libvzlic-devel-7.0.41-1.vz7.x86_64.rpm", "packageName": "libvzlic-devel", "packageVersion": "7.0.41-1.vz7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-swamon-7.2.2-19.va7.x86_64.rpm", "packageName": "va-agent-swamon", "packageVersion": "7.2.2-19.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-core-7.2.46-1.va7.x86_64.rpm", "packageName": "va-agent-core", "packageVersion": "7.2.46-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-core-devel-7.2.46-1.va7.x86_64.rpm", "packageName": "va-agent-core-devel", "packageVersion": "7.2.46-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-cc-engine-7.2.9-3.va7.x86_64.rpm", "packageName": "va-cc-engine", "packageVersion": "7.2.9-3.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-vzagroup-7.2.4-38.va7.x86_64.rpm", "packageName": "va-agent-vzagroup", "packageVersion": "7.2.4-38.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-7.2.11-7.va7.x86_64.rpm", "packageName": "va-mn", "packageVersion": "7.2.11-7.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-controls-7.2.4-38.va7.x86_64.rpm", "packageName": "va-agent-controls", "packageVersion": "7.2.4-38.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-cc-httpd-7.2.10-25.va7.x86_64.rpm", "packageName": "va-cc-httpd", "packageVersion": "7.2.10-25.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-ct-7.2.28-11.va7.x86_64.rpm", "packageName": "va-agent-ct", "packageVersion": "7.2.28-11.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-swamon-7.2.2-19.va7.x86_64.rpm", "packageName": "va-mn-swamon", "packageVersion": "7.2.2-19.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-devel-7.2.11-7.va7.x86_64.rpm", "packageName": "va-mn-devel", "packageVersion": "7.2.11-7.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-vzagroup-7.2.4-37.va7.x86_64.rpm", "packageName": "va-mn-vzagroup", "packageVersion": "7.2.4-37.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-vm-7.2.21-7.va7.x86_64.rpm", "packageName": "va-agent-vm", "packageVersion": "7.2.21-7.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-controls-devel-7.2.4-38.va7.x86_64.rpm", "packageName": "va-agent-controls-devel", "packageVersion": "7.2.4-38.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-controls-7.2.4-37.va7.x86_64.rpm", "packageName": "va-mn-controls", "packageVersion": "7.2.4-37.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-pp-httpd-7.2.10-25.va7.x86_64.rpm", "packageName": "va-pp-httpd", "packageVersion": "7.2.10-25.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-core-devel-7.2.46-1.va7.x86_64.rpm", "packageName": "va-mn-core-devel", "packageVersion": "7.2.46-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "noarch", "operator": "lt", "packageFilename": "va-cc-ct-7.2.30-1.va7.noarch.rpm", "packageName": "va-cc-ct", "packageVersion": "7.2.30-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-cc-core-7.2.76-1.va7.x86_64.rpm", "packageName": "va-cc-core", "packageVersion": "7.2.76-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "libvzlic-7.0.41-1.vz7.x86_64.rpm", "packageName": "libvzlic", "packageVersion": "7.0.41-1.vz7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-docs-7.2.21-1.va7.x86_64.rpm", "packageName": "va-docs", "packageVersion": "7.2.21-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-mn-controls-devel-7.2.4-37.va7.x86_64.rpm", "packageName": "va-mn-controls-devel", "packageVersion": "7.2.4-37.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "vzlicutils-7.0.50-4.vz7.x86_64.rpm", "packageName": "vzlicutils", "packageVersion": "7.0.50-4.vz7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "noarch", "operator": "lt", "packageFilename": "va-cc-vm-7.2.44-1.va7.noarch.rpm", "packageName": "va-cc-vm", "packageVersion": "7.2.44-1.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-storage-7.2.6-34.va7.x86_64.rpm", "packageName": "va-agent-storage", "packageVersion": "7.2.6-34.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-vm-devel-7.2.21-7.va7.x86_64.rpm", "packageName": "va-agent-vm-devel", "packageVersion": "7.2.21-7.va7"}, {"OS": "Virtuozzo Automator", "OSVersion": "7.0", "arch": "x86_64", "operator": "lt", "packageFilename": "va-agent-ct-devel-7.2.28-11.va7.x86_64.rpm", "packageName": "va-agent-ct-devel", "packageVersion": "7.2.28-11.va7"}], "_state": {"dependencies": 1645691419}}