[Openstack-operators] Venom vulnerability

Basil Baby basilbaby at gmail.com
Thu May 14 15:04:04 UTC 2015


If anyone from Canonical who maintains ubuntu-cloud.archive.canonical is here:

I can see the patch for CVE-2015-3456 has been applied to the qemu-kvm package on
the Precise - Icehouse branch.
https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/icehouse-staging/+build/7425816

But on precise-havana it is not yet updated.
(The latest available is
https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/havana-staging/+build/5955528
)
Is there a plan to update the package?

Thanks,
-Basil

On Wed, May 13, 2015 at 7:25 PM, Matt Van Winkle <mvanwink at rackspace.com>
wrote:

> It would.  I'd test though.  Depending on the amount of RAM and the I/O of
> the underlying host, we saw that some larger instances could take longer
> to suspend/resume than shutdown/power up.  You maintain the state of the
> system, but may see longer "downtime" for the instance.  Something to
> think about.
>
> Thanks!
> Matt
>
> On 5/13/15 6:19 PM, "Favyen Bastani" <fbastani at perennate.com> wrote:
>
> >Would a virsh suspend/save/restore/resume operation accomplish a similar
> >result as the localhost migration?
> >
> >Best,
> >Favyen
> >
> >On 05/13/2015 12:44 PM, Matt Van Winkle wrote:
> >> Yeah, something like that would be handy.
> >>
> >> From: matt <matt at nycresistor.com>
> >> Date: Wednesday, May 13, 2015 10:29 AM
> >> To: "Daniel P. Berrange" <berrange at redhat.com>
> >> Cc: Matt Van Winkle <mvanwink at rackspace.com>,
> >> "openstack-operators at lists.openstack.org"
> >> <openstack-operators at lists.openstack.org>
> >> Subject: Re: [Openstack-operators] Venom vulnerability
> >>
> >> honestly that seems like a very useful feature to ask for...
> >> specifically for upgrading qemu.
> >>
> >> -matt
> >>
> >> On Wed, May 13, 2015 at 11:19 AM, Daniel P. Berrange
> >> <berrange at redhat.com> wrote:
> >> On Wed, May 13, 2015 at 03:08:47PM +0000, Matt Van Winkle wrote:
> >>> So far, your assessment is spot on from what we've seen.  A migration
> >>> (if you have live migrate that's even better) should net the same result
> >>> for QEMU.  Some have floated the idea of live migrate within the same
> >>> host.  I don't know if nova out of the box would support such a thing.
> >>
> >> Localhost migration (aka migration within the same host) is not something
> >> that is supported by libvirt/KVM. Various files QEMU has on disk are based
> >> on the VM name/uuid and you can't have 2 QEMU processes on the host having
> >> the files at the same time, which precludes localhost migration working.
> >>
> >> Regards,
> >> Daniel
> >>