[Debian] [Announce] [Security] vzctl 4.9.4

Ola Lundqvist ola at inguza.com
Tue Aug 25 14:15:30 PDT 2015 

Hi Sergey

How serious should we consider this problem? Should I ask the Debian
security team (Debian do not accept new revisions, just backports for
security fixes to their stable releases) to backport this correction to the
current vzctl stable package?

In the meantime I'll build this 4.9.4 for debian unstable and also upload
to the openvz download directory. First testing and then after a few days
to the wheezy and jessie stable targets.

Regards,

// Ola



On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov <sergeyb at openvz.org>
wrote:

> OpenVZ project has released a new vzctl update for legacy OpenVZ.
> Read below for more information. Everybody is advised to upgrade.
>
> Changes
> =======
> * store VE layout to VE config on start
> * store VE layout in VE config during create and convert
>
> See full changelog here:
> https://src.openvz.org/projects/OVZL/repos/vzctl/commits
>
> Download
> ========
> http://wiki.openvz.org/Download/vzctl/4.9.4
>
>
> Thanks
> ======
> OpenVZ project would like to thank the RACK911LABS for discovering this
> bug and
> providing the attack scenario.
>
>
> Bug reporting
> =============
> Please report all bugs found to https://bugs.openvz.org/
>
>
> Other sources of info on updates
> ================================
> See http://planet.openvz.org/ to view all the news (including updates)
> online.
> There you can also find RSS/Atom feed links.
>
>
> Regards,
>     OpenVZ team
> _______________________________________________
> Announce mailing list
> Announce at openvz.org
> https://lists.openvz.org/mailman/listinfo/announce
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/debian/attachments/20150825/ed684ea1/attachment.html>

More information about the Debian mailing list