<div dir="ltr"> Hello,<div><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-GB" link="#0563C1" vlink="#954F72"><p class="MsoNormal"><u></u></p>
<p class="MsoNormal">Looking through the details of the Venom vulnerability, <a href="https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/" target="_blank">
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/</a>, it would appear that the QEMU processes need to be restarted.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Our understanding is thus that a soft reboot of the VM is not sufficient but a hard one would be OK.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Some quick tests have shown that a suspend/resume of the VM also causes a new process.</p></div></blockquote><div><br></div><div>The RedHat KB article (linked in the blog post you gave) also mentions that migrating to a patched server should also be sufficient. If either methods (suspend or migration) work, I think those are nicer ways of handling this than hard reboots.</div><div><br></div><div>I also found this statement to be curious:</div><div><br></div><div>"The sVirt and seccomp functionalities used to restrict host's QEMU process privileges and resource access might mitigate the impact of successful exploitation of this issue."</div><div><br></div><div>So perhaps RedHat already has mechanisms in place to prevent exploits such as this from being successful? I wonder if Ubuntu has something similar in place.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-GB" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><u></u><u></u></p>
<p class="MsoNormal"><u></u> How are others looking to address this vulnerability ?</p></div></div></blockquote><div><br></div><div>It looks like RedHat has released updates, but I haven't received an announcement for Ubuntu yet -- does anyone know the status?</div><div><br></div><div>As soon as a fix is released, we'll update our hosts. That will ensure new instances aren't vulnerable. We'll then figure out some way of coordinating fixing of older instances.</div><div><br></div><div>Joe</div></div></div></div></div>