The discussion with Solar Designer has inspired me to check all of the software in TinyVZ against the CVE database of security vulnerabilities. I discovered one issue that needed patching: CVE-2010-0001, which affects the gzip Busybox applet in TinyVZ.
That in mind, I have released TinyVZ 0.7.02 with this issue fixed. The only unpaid support I supply for TinyVZ at this time is to fix security problems with a CVE vulnerability number that affect compiled programs outside of the /build tree. CVE 2010-0001 has been patched; other CVE issues have not been patched because they do not appear to be serious security issues that affect TinyVZ. Details are in the file build/CVE inside of the container. TinyVZ can be downloaded here: http://samiam.org/TinyVZ/ I hope people find this OpenVZ template useful. - Sam _______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users
