<div dir="ltr">Hi Sergey<div><br></div><div>How serious should we consider this problem? Should I ask the Debian security team (Debian do not accept new revisions, just backports for security fixes to their stable releases) to backport this correction to the current vzctl stable package?</div><div><br></div><div>In the meantime I'll build this 4.9.4 for debian unstable and also upload to the openvz download directory. First testing and then after a few days to the wheezy and jessie stable targets.</div><div><br></div><div>Regards,</div><div><br></div><div>// Ola<br><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov <span dir="ltr"><<a href="mailto:sergeyb@openvz.org" target="_blank">sergeyb@openvz.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">OpenVZ project has released a new vzctl update for legacy OpenVZ.<br>
Read below for more information. Everybody is advised to upgrade.<br>
<br>
Changes<br>
=======<br>
* store VE layout to VE config on start<br>
* store VE layout in VE config during create and convert<br>
<br>
See full changelog here:<br>
<a href="https://src.openvz.org/projects/OVZL/repos/vzctl/commits" rel="noreferrer" target="_blank">https://src.openvz.org/projects/OVZL/repos/vzctl/commits</a><br>
<br>
Download<br>
========<br>
<a href="http://wiki.openvz.org/Download/vzctl/4.9.4" rel="noreferrer" target="_blank">http://wiki.openvz.org/Download/vzctl/4.9.4</a><br>
<br>
<br>
Thanks<br>
======<br>
OpenVZ project would like to thank the RACK911LABS for discovering this bug and<br>
providing the attack scenario.<br>
<br>
<br>
Bug reporting<br>
=============<br>
Please report all bugs found to <a href="https://bugs.openvz.org/" rel="noreferrer" target="_blank">https://bugs.openvz.org/</a><br>
<br>
<br>
Other sources of info on updates<br>
================================<br>
See <a href="http://planet.openvz.org/" rel="noreferrer" target="_blank">http://planet.openvz.org/</a> to view all the news (including updates) online.<br>
There you can also find RSS/Atom feed links.<br>
<br>
<br>
Regards,<br>
OpenVZ team<br>
_______________________________________________<br>
Announce mailing list<br>
<a href="mailto:Announce@openvz.org">Announce@openvz.org</a><br>
<a href="https://lists.openvz.org/mailman/listinfo/announce" rel="noreferrer" target="_blank">https://lists.openvz.org/mailman/listinfo/announce</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div><font face="courier new, monospace" size="1"> --- Inguza Technology AB --- MSc in Information Technology ----</font></div><div><font face="courier new, monospace" size="1">/ <a href="mailto:ola@inguza.com" target="_blank">ola@inguza.com</a> Annebergsslingan 37 \</font></div><div><font face="courier new, monospace" size="1">| <a href="mailto:opal@debian.org" target="_blank">opal@debian.org</a> 654 65 KARLSTAD |</font></div><div><font face="courier new, monospace" size="1">| <a href="http://inguza.com/" target="_blank">http://inguza.com/</a> Mobile: +46 (0)70-332 1551 |</font></div><div><font face="courier new, monospace" size="1">\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /</font></div><div><font face="courier new, monospace" size="1"> ---------------------------------------------------------------</font></div></div><div><br></div></div></div>
</div>