[Debian] [Announce] [Security] vzctl 4.9.4
Kir Kolyshkin
kir at openvz.org
Mon Aug 31 11:47:57 PDT 2015
On 08/26/2015 01:26 AM, Sergey Bronnikov wrote:
> Hi
>
> On 23:19 Tue 25 Aug , Ola Lundqvist wrote:
>> Hi again
>>
>> Also I can not find where to download the software (neither binaries nor
>> sources). Is it only available in git?
> It is not so difficult to find sources.
> We have one git repo for openvz sources -
> src.openvz.org.
> vzctl sources are here https://src.openvz.org/projects/OVZL/repos/vzctl/browse
Ola is probably asking about the source tarball. It's here:
http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2
>
>
>> Cheers
>>
>> // Ola
>>
>> On Tue, Aug 25, 2015 at 11:15 PM, Ola Lundqvist <ola at inguza.com> wrote:
>>
>>> Hi Sergey
>>>
>>> How serious should we consider this problem? Should I ask the Debian
>>> security team (Debian do not accept new revisions, just backports for
>>> security fixes to their stable releases) to backport this correction to the
>>> current vzctl stable package?
>>>
>>> In the meantime I'll build this 4.9.4 for debian unstable and also upload
>>> to the openvz download directory. First testing and then after a few days
>>> to the wheezy and jessie stable targets.
>>>
>>> Regards,
>>>
>>> // Ola
>>>
>>>
>>>
>>> On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov <sergeyb at openvz.org>
>>> wrote:
>>>
>>>> OpenVZ project has released a new vzctl update for legacy OpenVZ.
>>>> Read below for more information. Everybody is advised to upgrade.
>>>>
>>>> Changes
>>>> =======
>>>> * store VE layout to VE config on start
>>>> * store VE layout in VE config during create and convert
>>>>
>>>> See full changelog here:
>>>> https://src.openvz.org/projects/OVZL/repos/vzctl/commits
>>>>
>>>> Download
>>>> ========
>>>> http://wiki.openvz.org/Download/vzctl/4.9.4
>>>>
>>>>
>>>> Thanks
>>>> ======
>>>> OpenVZ project would like to thank the RACK911LABS for discovering this
>>>> bug and
>>>> providing the attack scenario.
>>>>
>>>>
>>>> Bug reporting
>>>> =============
>>>> Please report all bugs found to https://bugs.openvz.org/
>>>>
>>>>
>>>> Other sources of info on updates
>>>> ================================
>>>> See http://planet.openvz.org/ to view all the news (including updates)
>>>> online.
>>>> There you can also find RSS/Atom feed links.
>>>>
>>>>
>>>> Regards,
>>>> OpenVZ team
>>>> _______________________________________________
>>>> Announce mailing list
>>>> Announce at openvz.org
>>>> https://lists.openvz.org/mailman/listinfo/announce
>>>>
>>>
>>>
>>> --
>>> --- Inguza Technology AB --- MSc in Information Technology ----
>>> / ola at inguza.com Annebergsslingan 37 \
>>> | opal at debian.org 654 65 KARLSTAD |
>>> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
>>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>>> ---------------------------------------------------------------
>>>
>>>
>>
>> --
>> --- Inguza Technology AB --- MSc in Information Technology ----
>> / ola at inguza.com Annebergsslingan 37 \
>> | opal at debian.org 654 65 KARLSTAD |
>> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>> ---------------------------------------------------------------
More information about the Debian
mailing list