Virtualizor 2.5.8 Launched !

Hi,

The Virtualizor Team has released Virtualizor 2.5.8
This version has new features and some bug fixes.

1) [Bug Fix] Virtualizor OpenVZ Importer was not importing the Container if the container name is > 1000. This is Fixed now.

2) [Bug Fix] While editing the OpenVZ container, the container edit fails if the template was removed. This is fixed now.

3) [Feature] New WHMCS module released with the “Control Panel” as a Configurable Option.

4) [Feature] New Option added to give a Hostname pattern to all the VMs created with the WHMCS module. You can set the pattern by editing virtualizor_conf.php file.

Virtualizor supports OpenVZ, Xen, XenServer and Linux-KVM on CentOS and Ubuntu and they all can be managed from the Master. We are adding more features and if you have any suggestions, do let us know. We hope you enjoy this version of Virtualizor.

Regards,
The Virtualizor Team

Virtualizor 2.5.7 Launched !

Hi,

The Virtualizor Team has released Virtualizor 2.5.7
This version has new features and some bug fixes.

1) [Feature] Network Speed options have been added for Cloud / Reseller Accounts.

2) [Feature] Control Panel install option has been added on Create VPS Page. Now the admin can install Control Panel while creating a VPS.

3) [Feature] An easy VNC access button has been added in the Admin Panel -> List VPS page.

4) [Feature] The VPS list drop down in Admin OS Reinstall, Migrate and VNC Page has been improved. Admins can now search from the list as well.

5) [Feature] Internal / Additional Network can be now created for KVM and Xen VMs.

6) [Feature] If an Admin wants some VMs to be excluded from the ebtables rules, this is now possible. The Admin can set VPS plan IDs in the universal.php for this purpose. Complete guide : http://virtualizor.com/wiki/Ebtables_Exclude

7) [Task] Add/Rebuild VPS page will now display more error logs if there are any errors while adding or rebuilding the VPS.

8) [Task] VPS naming convention has been changed for XEN. All new VMs will now have a “v” prefixed for the VPS Name.

9) [Bug Fix] POODLE issue has been resolved.

10) [Bug Fix] The Available resources of a Cloud User was not shown correctly sometimes. This is now fixed.

11) [Bug Fix] Queue creation option in “Configuration” page was always saving value 1. This is fixed now.

12) [Bug Fix] Edit VM Link in Cloud / Reseller Panel has been fixed.

13) [Bug Fix] VMs created via the Blesta Module were going in the wrong user account. This is now fixed.

14) [Bug Fix] In the VPS Management Panel, IPv6 Mask was missing for IPv6 subnets.

15) [Bug Fix] Cloud users were allowed to create more than the number specified by the admin. This is fixed now.

Virtualizor supports OpenVZ, Xen, XenServer and Linux-KVM on CentOS and Ubuntu and they all can be managed from the Master. We are adding more features and if you have any suggestions, do let us know. We hope you enjoy this version of Virtualizor.

Regards,
The Virtualizor Team

Xen Vulnerability XSA-108


An update for Xen has been released to address a vulnerability where a buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself. Xen Versions 4.1 and above are affected.

Note : This bug is not a part of the Virtualizor VPS Panel, but rather a bug in Xen. The entire detail of the bug can be found below.

If your Virtualizor Host Node is running CentOS 6 with Xen (mostly it will be running Xen 4.2.x) or Xen 4.1 and above, you will need to yum update Xen and reboot the server. The command is as follows :

root> yum -u update
root> /usr/bin/grub-bootxen.sh

Note : You will need to reboot the server.

If you need any assistance updating Xen, please contact the Virtualizor support team.

Following is the security advisory :

Xen Security Advisory CVE-2014-7188 / XSA-108
                   version 4

              Improper MSR range used for x2APIC emulation

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

The MSR range specified for APIC use in the x2APIC access model spans
256 MSRs. Hypervisor code emulating read and write accesses to these
MSRs erroneously covered 1024 MSRs. While the write emulation path is
written such that accesses to the extra MSRs would not have any bad
effect (they end up being no-ops), the read path would (attempt to)
access memory beyond the single page set up for APIC emulation.

IMPACT
======

A buggy or malicious HVM guest can crash the host or read data
relating to other guests or the hypervisor itself.

VULNERABLE SYSTEMS
==================

Xen 4.1 and onward are vulnerable.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

MITIGATION
==========

Running only PV guests will avoid this vulnerability.

CREDITS
=======

This issue was discovered Jan Beulich at SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa108.patch        xen-unstable, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

Sources :
http://xenbits.xen.org/xsa/
http://lists.centos.org/pipermail/centos-announce/2014-October/020662.html

Regards,
The Virtualizor Team