SimFS exploit - Problem?
- Thread starter cymech
- Start date
Good you beat me to asking the same question.
Ongoing Discussion(s) via WHT:
http://www.webhostingtalk.com/showthread.php?t=1387714
http://www.webhostingtalk.com/showthread.php?t=1387707
Relevant Links / Updates:New kernel from openvz has been released.
https://openvz.org/Download/kernel/rhel6/042stab090.5
http://kb.parallels.com/en/122142
When can we expect a new Proxmox kernel to patch this exploit?
Thanks
Hey guys,
i am working on an kernel update to patch this exploit.
I'm not a proxmox staff member, but I will try to release this patched kernel today to ensure
every proxmox installation is safe against this exploit
Hope I will be successful.
The Proxmox team should have no objections or?
Update:
Kernel seems stable/bootable. Will do further tests. Keep you informed.
See you back later.
Thanks
i am working on an kernel update to patch this exploit.
I'm not a proxmox staff member, but I will try to release this patched kernel today to ensure
every proxmox installation is safe against this exploit
Hope I will be successful.
The Proxmox team should have no objections or?
Update:
Kernel seems stable/bootable. Will do further tests. Keep you informed.
See you back later.
Thanks
Last edited:
Hey guys,
kernel is successfully tested.
I am not liable for any loss of data or system coruption. Any usage of this kernel is done at the users risk and he is responsible
for any damage to any computer system or loss of data. I do not recommend using this kernel in production environments.
proxmox-ve-2.6.32_3.2-130_all.deb: is optional. Only for own repos.
pve-kernel-2.6.32-30-pve_2.6.32-130_amd64.deb: required
pve-headers-2.6.32-30-pve_2.6.32-130_amd64.deb: optional but I recommend installing this
Instructions:
Run the following as root
dpkg -i pve-kernel-2.6.32-30-pve_2.6.32-130_amd64.deb
dpkg -i pve-headers-2.6.32-30-pve_2.6.32-130_amd64.deb
Download Link: http://ts.phinitris.de/proxmox/pve-kernel-2.6.32/
After that reboot your sytem and you should be protected against this vulnerability.
If you find any bugs, please let me know.
Anybody can confirm it's running smoothly or do you have problems?
Thanks
kernel is successfully tested.
I am not liable for any loss of data or system coruption. Any usage of this kernel is done at the users risk and he is responsible
for any damage to any computer system or loss of data. I do not recommend using this kernel in production environments.
proxmox-ve-2.6.32_3.2-130_all.deb: is optional. Only for own repos.
pve-kernel-2.6.32-30-pve_2.6.32-130_amd64.deb: required
pve-headers-2.6.32-30-pve_2.6.32-130_amd64.deb: optional but I recommend installing this
Instructions:
Run the following as root
dpkg -i pve-kernel-2.6.32-30-pve_2.6.32-130_amd64.deb
dpkg -i pve-headers-2.6.32-30-pve_2.6.32-130_amd64.deb
Download Link: http://ts.phinitris.de/proxmox/pve-kernel-2.6.32/
After that reboot your sytem and you should be protected against this vulnerability.
If you find any bugs, please let me know.
Anybody can confirm it's running smoothly or do you have problems?
Thanks
Last edited:
I uploaded a fix to pve-no-subscription:
http://download1.proxmox.com/debian...pve-kernel-2.6.32-30-pve_2.6.32-130_amd64.deb
We will update the enterprise repo tomorrow (after further testing).
http://download1.proxmox.com/debian...pve-kernel-2.6.32-30-pve_2.6.32-130_amd64.deb
We will update the enterprise repo tomorrow (after further testing).
Thanks Dietmar for reacting so fast to this vuln. Kernel is working so far for us. It's already installed on 8 of our Proxmox host nodes.
PLEASE BE CAREFUL WITH DIETMAR'S KERNEL! In our case not only the network doesn't work, all VMs don't start too with some random error codes (different code for each VM).
EDIT: The error codes were 47 and 62, not different for each VM.
Network related problems I've found in syslog:
So likely it's not a network problem per se, but some incompatibility with networkmanager.
EDIT: The error codes were 47 and 62, not different for each VM.
Network related problems I've found in syslog:
So likely it's not a network problem per se, but some incompatibility with networkmanager.
Last edited: