[Openstack-operators] Venom vulnerability

David Medberry openstack at medberry.net
Thu May 14 15:50:07 UTC 2015


Hi Basil, et al,

Canonical/Ubuntu support page for Ubuntu Cloud Archive shows Precise/Havana
EOLife last year sometime. Refer to this chart:

https://wiki.ubuntu.com/ServerTeam/CloudArchive?action=AttachFile&do=get&target=plan.png

from this page:

https://wiki.ubuntu.com/ServerTeam/CloudArchive

though that said, I do see that Marc Deslauriers has recently updated the
Havana version of QEMU so maybe they will go ahead and do the appropriate
rebuild.

On Thu, May 14, 2015 at 9:04 AM, Basil Baby <basilbaby at gmail.com> wrote:

> If anyone from Canonical here who maintains ubuntu-cloud.archive.canonical,
>
> I can see the patch for CVE-2015-3456 updated to qemu-kvm package on
> Precise - Icehouse branch.
>
> https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/icehouse-staging/+build/7425816
>
> But, on precise-havana it is not yet updated.
> (Latest available is
> https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/havana-staging/+build/5955528
> )
> Is there a plan to update the package ?
>
> Thanks,
> -Basil
>
> On Wed, May 13, 2015 at 7:25 PM, Matt Van Winkle <mvanwink at rackspace.com>
> wrote:
>
>> It would.  I'd test though.  Depending on the amount of RAM and the I/O of
>> the underlying host, we saw that some larger instances could take longer
>> to suspend/resume than shutdown/power up.  You maintain the state of the
>> system, but may see longer "downtime" for the instance.  Something to
>> think about.
>>
>> Thanks!
>> Matt
>>
>> On 5/13/15 6:19 PM, "Favyen Bastani" <fbastani at perennate.com> wrote:
>>
>> >Would a virsh suspend/save/restore/resume operation accomplish similar
>> >result as the localhost migration?
>> >
>> >Best,
>> >Favyen
>> >
>> >On 05/13/2015 12:44 PM, Matt Van Winkle wrote:
>> >> Yeah, something like that would be handy.
>> >>
>> >> From: matt <matt at nycresistor.com<mailto:matt at nycresistor.com>>
>> >> Date: Wednesday, May 13, 2015 10:29 AM
>> >> To: "Daniel P. Berrange"
>> >><berrange at redhat.com<mailto:berrange at redhat.com>>
>> >> Cc: Matt Van Winkle
>> >><mvanwink at rackspace.com<mailto:mvanwink at rackspace.com>>,
>> >>"openstack-operators at lists.openstack.org<mailto:
>> openstack-operators at lists
>> >>.openstack.org>"
>> >><openstack-operators at lists.openstack.org<mailto:
>> openstack-operators at lists
>> >>.openstack.org>>
>> >> Subject: Re: [Openstack-operators] Venom vulnerability
>> >>
>> >> honestly that seems like a very useful feature to ask for...
>> >>specifically for upgrading qemu.
>> >>
>> >> -matt
>> >>
>> >> On Wed, May 13, 2015 at 11:19 AM, Daniel P. Berrange
>> >><berrange at redhat.com<mailto:berrange at redhat.com>> wrote:
>> >> On Wed, May 13, 2015 at 03:08:47PM +0000, Matt Van Winkle wrote:
>> >>> So far, your assessment is spot on from what we've seen.  A migration
>> >>> (if you have live migrate that's even better) should net the same
>> >>>result
>> >>> for QEMU.  Some have floated the idea of live migrate within the same
>> >>> host.  I don't know if nova out of the box would support such a thing.
>> >>
>> >> Localhost migration (aka migration within the same host) is not
>> >>something
>> >> that is supported by libvirt/KVM. Various files QEMU has on disk are
>> >>based
>> >> on the VM name/uuid and you can't have 2 QEMU processes on the host
>> >>having
>> >> the files at the same time, which precludes localhost migration
>> working.
>> >>
>> >> Regards,
>> >> Daniel
>> >>
>> >>
>> >>
>> >> -----BEGIN PGP MESSAGE----- Version: GnuPG v1 Comment: Charset:
>> >>us-ascii
>> >> hQIMA4ToeuPbGFzLAQ//WKATa6VRGKJKq7zAcUTO0tS8Lgq5zuo1buc2pJtbPKXi
>> >> pFmHpgTsXxoU3LNhfWelAToCQdacVLUw5OiFsWyoVsjAcuRzMrN+l8WHYG4jZDGs
>> >> bXCUp4XwShex35/vmI15NTAKrmbgIJZRi80sewCZ8H13rei86TPKA5b1C9SFxiqq
>> >> KGmntJdiEyk+x2SOz5xvZVx/29XryUSBXo6YAVQmW4AZrrdVdkRxDKCX3tw90UZ+
>> >> RCibGl1nac4n2rrXZ+izKcq6d+CYo28yBaEJ5zecrU1K9M/rZwyVWnr5NTP0bs0B
>> >> EOBV+0YsaBJdfbdrntKGUZCKVta4QdX9mOIQ7GYM/DP3IxHywFKfcwjG0iRjHYQG
>> >> sNCK0ymhr+eNcBKWHjyVqvy/W5IIep+ES1Y7xhmwqPfWEraNQ+Scc9T6i7mWAaam
>> >> dn7fVaO3dOHEoKVGX6Z+TtQS+FjesrgtOtvEeonVAkQLNEBVnQcMaMOrz+Ia1AXf
>> >> +SwkcksDaqylXC1TqTLjyA7ceEHWqPL7d6EfIM7dBT/tg0h5WL2XgoJlFddSXDoR
>> >> 99b2Arc9jaG+tJamvRO+M8Ky8uVuD5pF68wDwfvPqHbzSzzt3fmmkQkOVmtNLkjp
>> >> ZAGDxV/0+xhurdz4HFDz6q3ShpgREsgBEOd8uY7UCn67nRZbrS4YtdUIV25dhknS
>> >> 6gGkwfhs5IR99F/IvQUXsUs1m5DCWZI0GkWEaTcTEJfNoYHLPH+vLdtzupNz7ihp
>> >> sNtie42q3urYLW5irAFeTW8jyjS4V5TPMMUXMvp5DG4eOGGCoKiZQhmT3JJB3PHe
>> >> 5kghWgOlRQyK9trkH1zS8cgpXPhL+g/LGRfrp+xH7E7Hn1DLMizeQargFpcLmpdR
>> >> KHQQCHlBuB4gTQ0n/ai5zRVrioH+6GVMVedUxsYTMlrVWNGocYVZ/lzjHdDGVPiQ
>> >> JoxmMxVqL8icPu21FoIXGKiTA6VI0cAmugpQDXFVuk+HVYyYGtj9swmPyaR7ykXU
>> >> 1+4KAyBXsmz4y/mQxKsSVZnlp+cq9Y6iR7IPcj06KMeTF61Zc6sJZ0aIDl6IzzOB
>> >> UErMtFTKuAMAFPmB2wZ2kMsuz5K48BZcDSeO6PT6fbsWtQvmRK+Fqjf8iLtpLnEj
>> >> 2aG0hKeDTJkZKJOtaHoePx1MBrfRS1kCSAhjTCIxgSuIKLsRx9M+8KfqB+suYXUA
>> >> RbrSrOyvl16YfUmTaWdYS+PdKuLYEVHViqZecvc30jALJoQOcvoWO7Kwzh4Tl4H9
>> >> jeSA1+lpV0P25tm7x+PbpAVgbX0aBD4rs2TYU79MersBvL8trm3q6UcB0Bcud/XQ
>> >> rUTUa7xUgS8XO+EsU6WMKmRZ+Usl+yTqaXH4eTMMAAL1b2Kq9Lr3RZP/zuQpYfiG
>> >> aSfX8al6YJQRGRVwYORbeUjcOw5fioash8Xf1OEpj0fYLGbsqhRUZU6UbADjEcHo
>> >> YJID1xvBUmw149iCbOTwHb1rTfw2t8VThkfIxbSTd7t/urYNn5F5H1dhWocvs+oR
>> >> cd4GKZJjvQcT2/RH8taspQjWNL5asRQvwdb6ZUYQDa5G6o2N3pjIrP9Itue8Iaf6
>> >> B/xZ6MnFnAB821YiT1V0KbX7FB8bE6HE9z7jR1zpqBA3LbPxVtst2AxenVxbCSQT
>> >> scA5c4YoXXgxPbrCyX22lyAKwuYEaRa7KrPVjrJoyjDDK1uFD0JRqzokJcS/7dBY
>> >> F9xrz5H9yRoyVwy/pG9uEdoQkGth3DiOBkqUMYrvipqP0AKHRHcASdL/3fbgdB9Q
>> >> bmCwWVTyUVbmqztawJ8Xc9+QRk1wEbLvt3df9DZkUT8lqR9JUt4xLWpMvhOhsIVQ
>> >> iXFaeSoZTpa7B8NzTpJPfCrZtTYnZxzHewxg0gViHQPSv+LmvpR2Z3k6CkgRdqKE
>> >> 1vM/+Ih2Ksc+Yyd5T40IObyaTmSigXnIkKv3vHQtaZaLmwiZRFJY8EmLASSz5/o/
>> >> LUNMH1CPPvj00W3rLzMHDnYu2ZhWETpQBGjNUWcQnzo6Vfg3SBXse3WbZu73Ix2f
>> >> O+kMHjMtB9Nf4URij4D3obLpSVZ1F95wyS63yTuS7nncSNnvbm891946F4/k/J79
>> >> 4fsPVdOA3JSrR9nl10yKsxlfbeTh3saPP2GvDd7TWmC1AdCej64RyyNojJONvbi2
>> >> su4esVJicnUZM0/d4nqhiYacVxhDU4PnWcy9xISEwgKT0LTlC8VWO8qdRqa5RFlq
>> >> ewUoE1pCoxapKYOv+GC4DKHmGXp4xcpDnQvQFqcG7ntlZGPmfu4kyCguniCGF0yV
>> >> nbffVuNUQYNlBt9Y1X9YBZX+DAlx822qOXWDnqe9yhPlEcH7RxmXqdQlqDDZZDhs
>> >> QhJvqVuBSRxmEoi4K/vE04HPa79L39h40jX1NmGuBjwhst1+1fYfHHS16PqlbNZF
>> >> H1KuELxVkK4HKhyxr5xTGubLHjIC13tMe73bQadFod5cUiZj+fhRSTzHrAUru9Jk
>> >> HvUDPF3b9R2fcPRqD5Mtg2gjRDsgWvrODoLW+tCdNuBf3eg3JJYzlFkJU1wiMaml
>> >> XdQwiGD8m0hABnae7RFODogXpzfKkeFIRmV7vWQqkRc4LUBE0+diw61qaIJE+9d8
>> >> 3NGdESlAleI9hMQVSuwzb5vEn5d4+qPoi1/LhlToho2WJo1By9KkAIUY4eSo8jih
>> >> CY+QgrLGZ6CRDLkkj7hVIDdThVcTxesPeDL4DStdee/d2g1PLzWMsQlp0/NDyDZx
>> >> azBbdEZub5/el9Buzgmrv/NgKP3GYLiexFcMe4B9p8Q7AqbtE7oPxOZD4a6EVVe0
>> >> 3u6WKkNOzqDgLKUmt6EAYI9zxwKz/r8K4UKahoi9abrmGwvsrApICJfThC74aw== =QMaw
>> >>-----END
>> >> PGP MESSAGE-----
>> >>
>> >>
>> >>
>> >> -----BEGIN PGP MESSAGE-----
>> >> Version: GnuPG v1
>> >> Comment: Charset: us-ascii
>> >>
>> >> hQIMA4ToeuPbGFzLARAAg0zb38BESkbvvLbom+Lcf+NpIfxCZvsok8DRTEeEO3v5
>> >> sCsiK50E/IwxRpdO0IhqfOmMhJDmHAOD8emqgNMH6dppiV2ftuxraTU27+I8Kmdi
>> >> o8VUDb98XvH1DjsjcKLGWwM5+dKqtnh7adiJwsRRiEswuumtsh+eH5R9D7928kgV
>> >> ZZn6b615jGulXMeIf6BuSEfLXBiSE5hgYfizcakFzdW/gm+8URGUQYGBlwm/qQoV
>> >> f37TmSqrDiM1nVn7KF2NGdGG72NBtgkQ05GnNiYN+1L2wDnegwhHHnQzz56VJOSJ
>> >> FcDnIDms3JhV0FxjsWTeFwvvWBYahd7EEgzTO+xY3rntU9uiQS60HHh1l9RTNyVt
>> >> AlTmkH0BnEfzeWp/Yq5ynCQ3Sosy4LuZucmwvZeFeVtksArehSW8Gpe1p5RaP2Gy
>> >> 12EMp9EaexKL73W4F0XQpgljNt0kKeqE16M7xE1dlxtcTU6ftwJj75L+eFbRYJYQ
>> >> 09M75ui0PUAFidTljjx1t9ChPwjJzEZ/krm3YI193NbxXT2cL5zCwOV3XILKL8q1
>> >> FVbUDREQqaZi09sPst06Z3ODUVFMgCG3OpQcsyIQnYhMMhWxvAsg4UIh/vagkeFL
>> >> oHtVU+AWsO4RMqfrDUvNMUzUpe15mR61A8qGooEF56IehvCPh1obPQnGzS622f7S
>> >> jwGgCLs9PZAs/f7S0gKKQtExxuK1cvXbgR8L6KgkNFZxdXJyiLdCZ34VURqoQ+zu
>> >> nrdRbY+kVNx3+slu5Qlyi2RMNsrmE6Y9V2YNPcwXBHLDgGgvtyqsE7zUkWrGxZYQ
>> >> AztYQPdi6fU8K2muzJDS+f5j9F4YPcotARHv0H3KHO+ZJrxSX1R8G8eG1YbtFrLG
>> >> =aZhd
>> >> -----END PGP MESSAGE-----
>> >>
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150514/bf38c0e4/attachment.html>


More information about the OpenStack-operators mailing list