Cve-2015-1805

[snowpoke]

Is CVE-2015-1805 vulnerability concerns kernel in pve-no-subscription repo?

https://access.redhat.com/security/cve/CVE-2015-1805

 

[snowpoke]

No one interested in security on proxmox forums?

 

[Blub]

The fixes are upstream so they will be in the next kernel update I suppose. As for older kernels (like ancient openvz stuff) ... I don't know. Do they apply conflict-free?

 

[tom]

we just uploaded a new kernel to our pvetest repository, please test.

pve-kernel-2.6.32 (2.6.32-157)

• update to vzkernel-2.6.32-042stab108.5.src.rpm (fix for CVE-2015-2925, CVE-2015-1805, CVE-2014-9419, CVE-2015-3331, CVE-2014-9585, CVE-2014-9420)

 

[vkhera]

Does your proxmox server have local users able to run arbitrary software?

yes=> worry
no=> don't worry