[Debian] [Announce] [Security] vzctl 4.9.4
Ola Lundqvist
ola at inguza.com
Mon Aug 31 14:22:27 PDT 2015
Privet Kir and Igor
Sources and patches here:
ftp://ftp.debian.org/debian/pool/main/v/vzctl/
Source is named .orig.tar.gz
and the patches are either in .diff.gz or packaged in .debian.tar.gz
I think we should at least backport 4.8 (current stable) and then maybe
oldstable 3.0.30. 3.0.24 is oldold stable so I guess you can skip that.
Thanks in advance
// Ola
On Mon, Aug 31, 2015 at 11:17 PM, Kir Kolyshkin <kir at odin.com> wrote:
>
>
> On 08/31/2015 12:15 PM, Ola Lundqvist wrote:
>
> I was. :-) Thanks!
>
> Will look into this shortly. Will also look into backporting the fix.
>
>
> Ola,
>
> I think Igor (in Cc) will be able to provide the fix backported,
> just let us know which version do you have in Debian (and a link
> to sources, as I guess you have some patches in there, too).
>
> Kir.
>
>
>
> // Ola
>
> On Mon, Aug 31, 2015 at 8:47 PM, Kir Kolyshkin <kir at openvz.org> wrote:
>
>>
>>
>> On 08/26/2015 01:26 AM, Sergey Bronnikov wrote:
>>
>>> Hi
>>>
>>> On 23:19 Tue 25 Aug , Ola Lundqvist wrote:
>>>
>>>> Hi again
>>>>
>>>> Also I can not find where to download the software (neither binaries nor
>>>> sources). Is it only available in git?
>>>>
>>> It is not so difficult to find sources.
>>> We have one git repo for openvz sources -
>>> src.openvz.org.
>>> vzctl sources are here
>>> https://src.openvz.org/projects/OVZL/repos/vzctl/browse
>>>
>>
>> Ola is probably asking about the source tarball. It's here:
>> http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2
>>
>>
>>
>>>
>>> Cheers
>>>>
>>>> // Ola
>>>>
>>>> On Tue, Aug 25, 2015 at 11:15 PM, Ola Lundqvist < <ola at inguza.com>
>>>> ola at inguza.com> wrote:
>>>>
>>>> Hi Sergey
>>>>>
>>>>> How serious should we consider this problem? Should I ask the Debian
>>>>> security team (Debian do not accept new revisions, just backports for
>>>>> security fixes to their stable releases) to backport this correction
>>>>> to the
>>>>> current vzctl stable package?
>>>>>
>>>>> In the meantime I'll build this 4.9.4 for debian unstable and also
>>>>> upload
>>>>> to the openvz download directory. First testing and then after a few
>>>>> days
>>>>> to the wheezy and jessie stable targets.
>>>>>
>>>>> Regards,
>>>>>
>>>>> // Ola
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov <sergeyb at openvz.org>
>>>>> wrote:
>>>>>
>>>>> OpenVZ project has released a new vzctl update for legacy OpenVZ.
>>>>>> Read below for more information. Everybody is advised to upgrade.
>>>>>>
>>>>>> Changes
>>>>>> =======
>>>>>> * store VE layout to VE config on start
>>>>>> * store VE layout in VE config during create and convert
>>>>>>
>>>>>> See full changelog here:
>>>>>> https://src.openvz.org/projects/OVZL/repos/vzctl/commits
>>>>>>
>>>>>> Download
>>>>>> ========
>>>>>> http://wiki.openvz.org/Download/vzctl/4.9.4
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> ======
>>>>>> OpenVZ project would like to thank the RACK911LABS for discovering
>>>>>> this
>>>>>> bug and
>>>>>> providing the attack scenario.
>>>>>>
>>>>>>
>>>>>> Bug reporting
>>>>>> =============
>>>>>> Please report all bugs found to <https://bugs.openvz.org/>
>>>>>> https://bugs.openvz.org/
>>>>>>
>>>>>>
>>>>>> Other sources of info on updates
>>>>>> ================================
>>>>>> See http://planet.openvz.org/ to view all the news (including
>>>>>> updates)
>>>>>> online.
>>>>>> There you can also find RSS/Atom feed links.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> OpenVZ team
>>>>>> _______________________________________________
>>>>>> Announce mailing list
>>>>>> Announce at openvz.org
>>>>>> https://lists.openvz.org/mailman/listinfo/announce
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> --- Inguza Technology AB --- MSc in Information Technology ----
>>>>> / ola at inguza.com Annebergsslingan 37 \
>>>>> | opal at debian.org 654 65 KARLSTAD |
>>>>> | http://inguza.com/ Mobile: +46 (0)70-332 1551
>>>>> <%2B46%20%280%2970-332%201551> |
>>>>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>>>>> ---------------------------------------------------------------
>>>>>
>>>>>
>>>>>
>>>> --
>>>> --- Inguza Technology AB --- MSc in Information Technology ----
>>>> / ola at inguza.com Annebergsslingan 37 \
>>>> | opal at debian.org 654 65 KARLSTAD |
>>>> | http://inguza.com/ Mobile: +46 (0)70-332 1551
>>>> <%2B46%20%280%2970-332%201551> |
>>>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
>>>> ---------------------------------------------------------------
>>>>
>>>
>>
>
>
> --
> --- Inguza Technology AB --- MSc in Information Technology ----
> / <ola at inguza.com>ola at inguza.com Annebergsslingan 37
> \
> | <opal at debian.org>opal at debian.org 654 65 KARLSTAD
> |
> | <http://inguza.com/>http://inguza.com/ Mobile: +46
> (0)70-332 1551 |
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
> ---------------------------------------------------------------
>
>
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola at inguza.com Annebergsslingan 37 \
| opal at debian.org 654 65 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/debian/attachments/20150831/ae8af897/attachment-0001.html>
More information about the Debian
mailing list