[Debian] [Announce] [Security] vzctl 4.9.4
Ola Lundqvist
ola at inguza.com
Mon Aug 31 12:15:15 PDT 2015
I was. :-) Thanks!
Will look into this shortly. Will also look into backporting the fix.
// Ola
On Mon, Aug 31, 2015 at 8:47 PM, Kir Kolyshkin <kir at openvz.org> wrote:
>
>
> On 08/26/2015 01:26 AM, Sergey Bronnikov wrote:
>
>> Hi
>>
>> On 23:19 Tue 25 Aug , Ola Lundqvist wrote:
>>
>>> Hi again
>>>
>>> Also I can not find where to download the software (neither binaries nor
>>> sources). Is it only available in git?
>>>
>> It is not so difficult to find sources.
>> We have one git repo for openvz sources -
>> src.openvz.org.
>> vzctl sources are here
>> https://src.openvz.org/projects/OVZL/repos/vzctl/browse
>>
>
> Ola is probably asking about the source tarball. It's here:
> http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2
>
>
>
>>
>> Cheers
>>>
>>> // Ola
>>>
>>> On Tue, Aug 25, 2015 at 11:15 PM, Ola Lundqvist <ola at inguza.com> wrote:
>>>
>>> Hi Sergey
>>>>
>>>> How serious should we consider this problem? Should I ask the Debian
>>>> security team (Debian do not accept new revisions, just backports for
>>>> security fixes to their stable releases) to backport this correction to
>>>> the
>>>> current vzctl stable package?
>>>>
>>>> In the meantime I'll build this 4.9.4 for debian unstable and also
>>>> upload
>>>> to the openvz download directory. First testing and then after a few
>>>> days
>>>> to the wheezy and jessie stable targets.
>>>>
>>>> Regards,
>>>>
>>>> // Ola
>>>>
>>>>
>>>>
>>>> On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov <sergeyb at openvz.org>
>>>> wrote:
>>>>
>>>> OpenVZ project has released a new vzctl update for legacy OpenVZ.
>>>>> Read below for more information. Everybody is advised to upgrade.
>>>>>
>>>>> Changes
>>>>> =======
>>>>> * store VE layout to VE config on start
>>>>> * store VE layout in VE config during create and convert
>>>>>
>>>>> See full changelog here:
>>>>> https://src.openvz.org/projects/OVZL/repos/vzctl/commits
>>>>>
>>>>> Download
>>>>> ========
>>>>> http://wiki.openvz.org/Download/vzctl/4.9.4
>>>>>
>>>>>
>>>>> Thanks
>>>>> ======
>>>>> OpenVZ project would like to thank the RACK911LABS for discovering this
>>>>> bug and
>>>>> providing the attack scenario.
>>>>>
>>>>>
>>>>> Bug reporting
>>>>> =============
>>>>> Please report all bugs found to https://bugs.openvz.org/
>>>>>
>>>>>
>>>>> Other sources of info on updates
>>>>> ================================
>>>>> See http://planet.openvz.org/ to view all the news (including updates)
>>>>> online.
>>>>> There you can also find RSS/Atom feed links.
>>>>>
>>>>>
>>>>> Regards,
>>>>> OpenVZ team
>>>>> _______________________________________________
>>>>> Announce mailing list
>>>>> Announce at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/announce
>>>>>
>>>>>
>>>>
>>>> --
>>>> --- Inguza Technology AB --- MSc in Information Technology ----
>>>> / ola at inguza.com Annebergsslingan 37 \
>>>> | opal at debian.org 654 65 KARLSTAD |
>>>> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
>>>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>>>> ---------------------------------------------------------------
>>>>
>>>>
>>>>
>>> --
>>> --- Inguza Technology AB --- MSc in Information Technology ----
>>> / ola at inguza.com Annebergsslingan 37 \
>>> | opal at debian.org 654 65 KARLSTAD |
>>> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
>>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>>> ---------------------------------------------------------------
>>>
>>
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola at inguza.com Annebergsslingan 37 \
| opal at debian.org 654 65 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/debian/attachments/20150831/c588ed2e/attachment.html>
More information about the Debian
mailing list