CVE-2015-0235 and proxmox

[tincboy]

Hello,

I have many servers with Proxmox 2.3 and 3.1(+), how can I find out if my servers are affected by CVE-2015-0235 ?
http://seclists.org/oss-sec/2015/q1/274
Any fast help will be appreciated.

 

[dietmar]

Instead, please update your installations.

 

[tincboy]

Does Proxmox use glibc in it's packages? is it possible to use this vulnerability to gain root access on Proxmox servers?

Regards

 

[mir]

Update to glibc was available from Debian yesterday.

 

[tincboy]

Update to glibc was available from Debian yesterday.

But Debian 6 seems to be still vulnerable, isn't it?
`ldd --version` show eglibc 2.11.3-4 which is vulnerable

 

[mir]

Debian 6 is old stable so unless you have added the URL's for LTS to your repo list you would see any updates. Debian 6 had EOL from Debian security last year.

 

[tincboy]

Debian 6 is old stable so unless you have added the URL's for LTS to your repo list you would see any updates. Debian 6 had EOL from Debian security last year.

Would you please let me know how can I add LTS urls to my repo? do you have their URLs?
I'm upgrading all my servers but it will take days to accomplish.

 

[mir]

https://wiki.debian.org/LTS/Using

 

[tincboy]

I've successfully patched Proxmox 2 and 3, but I don't know if the patch requires reboot,
Does it require reboot to fully patch all affected software ?

 

[SécuIP]

I've successfully patched Proxmox 2 and 3, but I don't know if the patch requires reboot,
Does it require reboot to fully patch all affected software ?

How have you patched your proxmox server ? "apt-get update, upgrade and dist-upgrade don't find any updates for me. Thanks

 

[tincboy]

How have you patched your proxmox server ? "apt-get update, upgrade and dist-upgrade don't find any updates for me. Thanks

If you are using Proxmox2 ( debian 6 ) please firt add LTS repos. ( https://wiki.debian.org/LTS/Using )

 

[SécuIP]

I use Proxmox 3 but unattended-upgrades had already done the update