CVE-2014-3153 / vzkernel 042stab090.3

onlime said:
Hi
Any plans when you are going to release an updated kernel with CVE-2014-3153 fixed? CVE-2014-3153 is pretty nasty.
According to OpenVZ this was fixed on 2014-06-06 in kernel 042stab090.3, https://twitter.com/_openvz_/status/474989972663988224
Click to expand...

I already assembled that kernel:

http://download1.proxmox.com/debian...ve-headers-2.6.32-30-pve_2.6.32-128_amd64.deb

but unfortunately, the security fix introduce some unexpected errors, see:

https://bugzilla.openvz.org/show_bug.cgi?id=2994
 
Thanks Dietmar,
So your recommendation is to rather wait for this to be fixed? It sounds like futex calls are completely broken. Personally I don't care about Gnome/X11 but am afraid futex is used elsewhere.
Best Regards,
Philip
 
onlime said:
So your recommendation is to rather wait for this to be fixed? It sounds like futex calls are completely broken. Personally I don't care about Gnome/X11 but am afraid futex is used elsewhere.
Best Regards,
Click to expand...

I am also afraid that futex is broken on the host side.
 
Thanks Dietmar!
I just noticed you already released 2.6.32-30-pve in pve-no-subscription repository. I have tested the kernel on one server and it's working fine.
Can you tell me when you're going to push this kernel into the Proxmox pve-enterprise repository. As this is security relevant, I'd prefer if it gets pushed sooner rather than later.
Best regards, Philip
 
dietmar said:
We will test a few more days, and move it next week.
Click to expand...

FYI: I'm running kernel 2.6.32-30-pve already since last Saturday (2014-06-21) on 10 different Proxmox VE host nodes, at two webhosting companies, without any issues! We are running 100% OpenVZ containers, no KVM so far.
Thanks for your great support.
Best regards, Philip
 
You must log in or register to reply here.
Top Bottom