CVE-2018-5390

That's great news.

One question: since it's KVM and the network devices are bridged, the host can't be attacked by attacking a guest, right?

My hosts are behind a firewall, so I should be good to go?

Kind regards
 
The attack is a DoS exhausting CPU resources by sending tiny TCP segments out of order - thus if one of your guests is attacked it would end up wasting the CPUs you've assigned to it, which, depending on your config, could affect the host.

The effect and protection of the firewall depend on its workings (if it does TCP reassembly, and sends a reassembled stream to the host, then this should help) and patch level (quite a few firewall vendors base their solutions on Linux as well and thus could potentially be affected by this bug).

HTH
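
Added example, not part of the posts in this thread: a small monitor that compares two snapshots of the Linux `TcpExt` out-of-order counters in `/proc/net/netstat` on a guest, host or Linux-based firewall, since a flood of out-of-order segments shows up there as well as in CPU load. The sample snapshots are constructed, and the `queue_per_sec` threshold is an assumption to be baselined per workload.

```python
import time

# Constructed sample snapshots in /proc/net/netstat layout (not from a real host).
SAMPLE_BEFORE = (
    "TcpExt: SyncookiesSent OfoPruned TCPOFOQueue TCPOFODrop TCPOFOMerge\n"
    "TcpExt: 0 0 1200 0 15\n"
    "IpExt: InOctets OutOctets\n"
    "IpExt: 1000 2000\n"
)
SAMPLE_AFTER = (
    "TcpExt: SyncookiesSent OfoPruned TCPOFOQueue TCPOFODrop TCPOFOMerge\n"
    "TcpExt: 0 40 91200 300 25\n"
    "IpExt: InOctets OutOctets\n"
    "IpExt: 9000 9500\n"
)
OFO_COUNTERS = ("TCPOFOQueue", "TCPOFOMerge", "TCPOFODrop", "OfoPruned")

def parse_netstat(text):
    """Parse header/value line pairs into {'TcpExt.Name': int}."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    counters = {}
    for header, values in zip(lines[0::2], lines[1::2]):
        proto, names = header.split(":", 1)
        vproto, vals = values.split(":", 1)
        names, vals = names.split(), vals.split()
        if proto != vproto or len(names) != len(vals):
            raise ValueError(f"malformed netstat pair for {proto!r}")
        counters.update((f"{proto}.{n}", int(v)) for n, v in zip(names, vals))
    return counters

def ofo_rates(before, after, seconds):
    """Per-second growth of the out-of-order counters between two snapshots."""
    b, a = parse_netstat(before), parse_netstat(after)
    rates = {}
    for name in OFO_COUNTERS:
        key = f"TcpExt.{name}"
        if key in a and key in b:  # some kernels lack some counters
            rates[name] = max(0, a[key] - b[key]) / seconds  # clamp on counter reset
    return rates

def needs_review(rates, queue_per_sec=5000.0):
    """queue_per_sec is an assumed threshold; prunes/drops mean the queue hit its limit."""
    return (rates.get("TCPOFOQueue", 0) >= queue_per_sec
            or rates.get("OfoPruned", 0) > 0 or rates.get("TCPOFODrop", 0) > 0)

if __name__ == "__main__":
    first = open("/proc/net/netstat").read()
    time.sleep(10)
    rates = ofo_rates(first, open("/proc/net/netstat").read(), 10)
    print(rates, "REVIEW" if needs_review(rates) else "ok")
```

A flagged interval is a reason to look at the traffic and the kernel patch level, not proof of an attack; lossy links also produce out-of-order segments.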
 
Thank you for your answer!

I see, most of my VMs are already patched, except the CentOS ones, since there is no upstream patch so far.

The firewall is indeed using a Linux kernel, I will keep this in mind.

Kind regards!
 
