[Openstack-operators] Venom vulnerability

Matt Van Winkle mvanwink at rackspace.com
Wed May 13 15:08:47 UTC 2015


So far, your assessment is spot on from what we've seen.  A migration (if you have live migrate that's even better) should net the same result for QEMU.  Some have floated the idea of live migrate within the same host.  I don't know if nova out of the box would support such a thing.

Thanks!
Matt

From: Tim Bell <Tim.Bell at cern.ch>
Date: Wednesday, May 13, 2015 9:31 AM
To: "openstack-operators at lists.openstack.org" <openstack-operators at lists.openstack.org>
Subject: [Openstack-operators] Venom vulnerability


Looking through the details of the Venom vulnerability, https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/, it would appear that the QEMU processes need to be restarted.

Our understanding is thus that a soft reboot of the VM is not sufficient but a hard one would be OK.

Some quick tests have shown that a suspend/resume of the VM also causes a new process.

How are others looking to address this vulnerability?

(I guess the security session will have a few extra people signing up in Vancouver now...)

Tim
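
One way to check a compute node for guests that still need the QEMU process restart discussed in this thread, as an added example that is not part of either post. It assumes a Linux host where the package update replaced the QEMU binary on disk, so the kernel shows the old executable as "(deleted)" in /proc/<pid>/exe; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find QEMU processes that are still executing a binary which
# has since been replaced on disk, i.e. guests started before the update.
# Assumption: the package manager swaps the file by unlink/rename, so the
# old executable appears as "<path> (deleted)" in /proc/<pid>/exe.

# stale_qemu_pids [PROC_ROOT]
# Prints one PID per line for every process whose exe link names a qemu
# binary and is marked deleted. PROC_ROOT defaults to /proc; the parameter
# exists so the function can be run against a constructed directory tree.
stale_qemu_pids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # readlink fails for kernel threads and for processes we may not
        # inspect (run as root to see every guest); skip those.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *qemu*" (deleted)") printf '%s\n' "${dir##*/}" ;;
        esac
    done
}

# report [PROC_ROOT]
# Returns 0 when no QEMU process runs a replaced binary, 1 otherwise.
report() {
    pids=$(stale_qemu_pids "$1")
    if [ -z "$pids" ]; then
        echo "no QEMU process is running a replaced binary"
        return 0
    fi
    for pid in $pids; do
        echo "PID $pid still runs the pre-update QEMU binary;" \
             "this guest needs a new QEMU process"
    done
    return 1
}

# Run the check against the live /proc only when asked to.
case ${1:-} in
    --run) report ;;
esac
```

A guest drops off the list once it has a new QEMU process, whether that came from a hard reboot, a suspend/resume or a migration.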
