[Openstack-operators] Venom vulnerability

David Medberry openstack at medberry.net
Wed May 13 16:40:43 UTC 2015


Hi Tim, et al,

We (Time Warner Cable) will be doing a live-migration (L-M) of all
instances once the QEMU package is upgraded. That will start new QEMU
instances on the target host allowing us to vacate the source host. We may
roll in a kernel upgrade due to another security vulnerability at the same
time.

I'm doing a Show and Tell in YVR about the topic of L-Ms and this topic now
has its own slide.

On Wed, May 13, 2015 at 8:31 AM, Tim Bell <Tim.Bell at cern.ch> wrote:

> Looking through the details of the Venom vulnerability,
> https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/, it
> would appear that the QEMU processes need to be restarted.
>
> Our understanding is thus that a soft reboot of the VM is not sufficient
> but a hard one would be OK.
>
> Some quick tests have shown that a suspend/resume of the VM also causes a
> new process.
>
> How are others looking to address this vulnerability?
>
> (I guess the security session will have a few extra people signing up in
> Vancouver now...)
>
> Tim
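
Added example (not from either poster): one way to find which guests still run on a pre-upgrade QEMU process and therefore still need the hard reboot, suspend/resume or live migration discussed above. It assumes the package upgrade replaced the binary on disk, so the old process's `/proc/PID/exe` link ends in ` (deleted)`, that the binary is named `qemu-system-*` or `qemu-kvm`, and that libvirt started it with `-uuid <instance UUID>`; the function name is hypothetical.

```sh
#!/bin/sh
# List QEMU processes that still execute a binary which has since been
# replaced on disk, one "PID UUID" pair per line.
# Usage: stale_qemu_instances [PROC_ROOT]   (PROC_ROOT defaults to /proc)

stale_qemu_instances() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # exe is a symlink to the running binary; skip entries we cannot
        # read (kernel threads, processes that exited meanwhile).
        exe="$(readlink "$dir/exe" 2>/dev/null)" || continue
        case "$exe" in
            */qemu-system-*" (deleted)"|*/qemu-kvm" (deleted)")
                # cmdline is NUL-separated; take the argument after -uuid.
                uuid="$(tr '\0' '\n' 2>/dev/null < "$dir/cmdline" |
                    awk 'prev == "-uuid" { print; exit } { prev = $0 }')"
                printf '%s %s\n' "$pid" "${uuid:-unknown}"
                ;;
        esac
    done
)

# Run as root on the hypervisor so every process's exe link is readable.
stale_qemu_instances "${1:-/proc}"
```

An empty result after the upgrade and the restarts or migrations means no guest on that host is left on the old binary.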