Proxmox and CVE-2014-0196

chrisl · May 12, 2014

Hi there,

do you saw the latest bug in the current linux kernels? Are you going to fix it or is there no need to update the current PVE kernel?

https://security-tracker.debian.org/tracker/CVE-2014-0196

Thanks in advance,

Chris

dietmar · May 13, 2014

We will include that as soon as we get a patch for 2.6.32. But there are normally no local users on PVE nodes.

Michael 2 · May 13, 2014

Thanks for the update!Concerning the local users: Any idea if this could be exploited from inside a OpenVZ container?best regards,Michael

D2Aq · May 13, 2014

Hello, like "Michael 2" I need some information for exploitability inside OpenVZ CT
Thank's.

fomistoklus · May 19, 2014

Hello,
openvz CT's are using the same kernel from openvz node. Only what you need is check the kernel on the node. According to OpenVZ news:
OpenVZ Containers @_openvz_ · May 13 CVE-2014-0196: if you haven't updated your openvz kernel / rebooted during last 12 months, please do that now.

CVE-2014-0196 update: OpenVZ kernels since 042stab076.7 (released a year ago, April 2013) are not exploitable. Older ones are.

Search

Search

Proxmox and CVE-2014-0196

chrisl

Member

dietmar

Proxmox Staff Member

Michael 2

New Member

D2Aq

New Member

fomistoklus

New Member

We value your privacy