<p dir="ltr">Hi Igor</p>
<p dir="ltr">It does not matter really. Both ways will do.</p>
<p dir="ltr">However I have a question. As I understand the config is changed at creation or start. Should it be changed at upgrade time too to make sure the next start is safe? Or is it changed before it is a security hazard?</p>
<p dir="ltr">/Ola</p>
<p dir="ltr">Sent from a phone</p>
<div class="gmail_quote">Den 3 sep 2015 12:37 skrev "Igor Bazhitov" <<a href="mailto:ibazhitov@odin.com">ibazhitov@odin.com</a>>:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, Ola.<br>
<br>
There are 4 patches in the original fix - 2 of them making various<br>
preparations and the other 2 do the actual fix. Do you need them ported<br>
to vzctl-4.8 as is, or as one big cumulative patch?<br>
<br>
WBR, Igor Bazhitov.<br>
<br>
01.09.2015 00:22, Ola Lundqvist writes:<br>
> Privet Kir and Igor<br>
><br>
> Sources and patches here:<br>
> <a href="ftp://ftp.debian.org/debian/pool/main/v/vzctl/" rel="noreferrer" target="_blank">ftp://ftp.debian.org/debian/pool/main/v/vzctl/</a><br>
><br>
> Source is named .orig.tar.gz<br>
> and the patches are either in .diff.gz or packaged in .debian.tar.gz<br>
><br>
> I think we should at least backport 4.8 (current stable) and then maybe<br>
> oldstable 3.0.30. 3.0.24 is oldold stable so I guess you can skip that.<br>
><br>
> Thanks in advance<br>
><br>
> // Ola<br>
><br>
> On Mon, Aug 31, 2015 at 11:17 PM, Kir Kolyshkin <<a href="mailto:kir@odin.com">kir@odin.com</a><br>
> <mailto:<a href="mailto:kir@odin.com">kir@odin.com</a>>> wrote:<br>
><br>
><br>
><br>
> On 08/31/2015 12:15 PM, Ola Lundqvist wrote:<br>
>> I was. :-) Thanks!<br>
>><br>
>> Will look into this shortly. Will also look into backporting the fix.<br>
><br>
> Ola,<br>
><br>
> I think Igor (in Cc) will be able to provide the fix backported,<br>
> just let us know which version do you have in Debian (and a link<br>
> to sources, as I guess you have some patches in there, too).<br>
><br>
> Kir.<br>
><br>
><br>
>><br>
>> // Ola<br>
>><br>
>> On Mon, Aug 31, 2015 at 8:47 PM, Kir Kolyshkin <<a href="mailto:kir@openvz.org">kir@openvz.org</a><br>
>> <mailto:<a href="mailto:kir@openvz.org">kir@openvz.org</a>>> wrote:<br>
>><br>
>><br>
>><br>
>> On 08/26/2015 01:26 AM, Sergey Bronnikov wrote:<br>
>><br>
>> Hi<br>
>><br>
>> On 23:19 Tue 25 Aug , Ola Lundqvist wrote:<br>
>><br>
>> Hi again<br>
>><br>
>> Also I can not find where to download the software<br>
>> (neither binaries nor<br>
>> sources). Is it only available in git?<br>
>><br>
>> It is not so difficult to find sources.<br>
>> We have one git repo for openvz sources -<br>
>> <a href="http://src.openvz.org" rel="noreferrer" target="_blank">src.openvz.org</a> <<a href="http://src.openvz.org" rel="noreferrer" target="_blank">http://src.openvz.org</a>>.<br>
>> vzctl sources are here<br>
>> <a href="https://src.openvz.org/projects/OVZL/repos/vzctl/browse" rel="noreferrer" target="_blank">https://src.openvz.org/projects/OVZL/repos/vzctl/browse</a><br>
>><br>
>><br>
>> Ola is probably asking about the source tarball. It's here:<br>
>> <a href="http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2" rel="noreferrer" target="_blank">http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2</a><br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> Cheers<br>
>><br>
>> // Ola<br>
>><br>
>> On Tue, Aug 25, 2015 at 11:15 PM, Ola Lundqvist<br>
>> <<mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>><a href="mailto:ola@inguza.com">ola@inguza.com</a><br>
>> <mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>>> wrote:<br>
>><br>
>> Hi Sergey<br>
>><br>
>> How serious should we consider this problem?<br>
>> Should I ask the Debian<br>
>> security team (Debian do not accept new revisions,<br>
>> just backports for<br>
>> security fixes to their stable releases) to<br>
>> backport this correction to the<br>
>> current vzctl stable package?<br>
>><br>
>> In the meantime I'll build this 4.9.4 for debian<br>
>> unstable and also upload<br>
>> to the openvz download directory. First testing<br>
>> and then after a few days<br>
>> to the wheezy and jessie stable targets.<br>
>><br>
>> Regards,<br>
>><br>
>> // Ola<br>
>><br>
>><br>
>><br>
>> On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov<br>
>> <<a href="mailto:sergeyb@openvz.org">sergeyb@openvz.org</a> <mailto:<a href="mailto:sergeyb@openvz.org">sergeyb@openvz.org</a>>><br>
>> wrote:<br>
>><br>
>> OpenVZ project has released a new vzctl update<br>
>> for legacy OpenVZ.<br>
>> Read below for more information. Everybody is<br>
>> advised to upgrade.<br>
>><br>
>> Changes<br>
>> =======<br>
>> * store VE layout to VE config on start<br>
>> * store VE layout in VE config during create<br>
>> and convert<br>
>><br>
>> See full changelog here:<br>
>> <a href="https://src.openvz.org/projects/OVZL/repos/vzctl/commits" rel="noreferrer" target="_blank">https://src.openvz.org/projects/OVZL/repos/vzctl/commits</a><br>
>><br>
>> Download<br>
>> ========<br>
>> <a href="http://wiki.openvz.org/Download/vzctl/4.9.4" rel="noreferrer" target="_blank">http://wiki.openvz.org/Download/vzctl/4.9.4</a><br>
>><br>
>><br>
>> Thanks<br>
>> ======<br>
>> OpenVZ project would like to thank the<br>
>> RACK911LABS for discovering this<br>
>> bug and<br>
>> providing the attack scenario.<br>
>><br>
>><br>
>> Bug reporting<br>
>> =============<br>
>> Please report all bugs found to<br>
>> <<a href="https://bugs.openvz.org/" rel="noreferrer" target="_blank">https://bugs.openvz.org/</a>><a href="https://bugs.openvz.org/" rel="noreferrer" target="_blank">https://bugs.openvz.org/</a><br>
>><br>
>><br>
>> Other sources of info on updates<br>
>> ================================<br>
>> See <a href="http://planet.openvz.org/" rel="noreferrer" target="_blank">http://planet.openvz.org/</a> to view all the<br>
>> news (including updates)<br>
>> online.<br>
>> There you can also find RSS/Atom feed links.<br>
>><br>
>><br>
>> Regards,<br>
>> OpenVZ team<br>
>> _______________________________________________<br>
>> Announce mailing list<br>
>> <a href="mailto:Announce@openvz.org">Announce@openvz.org</a> <mailto:<a href="mailto:Announce@openvz.org">Announce@openvz.org</a>><br>
>> <a href="https://lists.openvz.org/mailman/listinfo/announce" rel="noreferrer" target="_blank">https://lists.openvz.org/mailman/listinfo/announce</a><br>
>><br>
>><br>
>><br>
>> --<br>
>> --- Inguza Technology AB --- MSc in Information<br>
>> Technology ----<br>
>> / <a href="mailto:ola@inguza.com">ola@inguza.com</a> <mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>><br>
>> Annebergsslingan 37 \<br>
>> | <a href="mailto:opal@debian.org">opal@debian.org</a> <mailto:<a href="mailto:opal@debian.org">opal@debian.org</a>><br>
>> 654 65 KARLSTAD |<br>
>> | <a href="http://inguza.com/" rel="noreferrer" target="_blank">http://inguza.com/</a> Mobile: +46<br>
>> (0)70-332 1551 <tel:%2B46%20%280%2970-332%201551> |<br>
>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1<br>
>> B1CF 0FE5 3DD9 /<br>
>><br>
>> ---------------------------------------------------------------<br>
>><br>
>><br>
>><br>
>> --<br>
>> --- Inguza Technology AB --- MSc in Information<br>
>> Technology ----<br>
>> / <a href="mailto:ola@inguza.com">ola@inguza.com</a> <mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>><br>
>> Annebergsslingan 37 \<br>
>> | <a href="mailto:opal@debian.org">opal@debian.org</a> <mailto:<a href="mailto:opal@debian.org">opal@debian.org</a>><br>
>> 654 65 KARLSTAD |<br>
>> | <a href="http://inguza.com/" rel="noreferrer" target="_blank">http://inguza.com/</a> Mobile: +46<br>
>> (0)70-332 1551 <tel:%2B46%20%280%2970-332%201551> |<br>
>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF<br>
>> 0FE5 3DD9 /<br>
>><br>
>> ---------------------------------------------------------------<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> --<br>
>> --- Inguza Technology AB --- MSc in Information Technology ----<br>
>> / <mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>><a href="mailto:ola@inguza.com">ola@inguza.com</a> <mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>><br>
>> Annebergsslingan 37 \<br>
>> | <mailto:<a href="mailto:opal@debian.org">opal@debian.org</a>><a href="mailto:opal@debian.org">opal@debian.org</a><br>
>> <mailto:<a href="mailto:opal@debian.org">opal@debian.org</a>> 654 65 KARLSTAD<br>
>> |<br>
>> | <<a href="http://inguza.com/" rel="noreferrer" target="_blank">http://inguza.com/</a>><a href="http://inguza.com/" rel="noreferrer" target="_blank">http://inguza.com/</a> Mobile:<br>
>> <a href="tel:%2B46%20%280%2970-332%201551" value="+46703321551">+46 (0)70-332 1551</a> <tel:%2B46%20%280%2970-332%201551> |<br>
>> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /<br>
>> ---------------------------------------------------------------<br>
>><br>
><br>
><br>
><br>
><br>
> --<br>
> --- Inguza Technology AB --- MSc in Information Technology ----<br>
> / <a href="mailto:ola@inguza.com">ola@inguza.com</a> <mailto:<a href="mailto:ola@inguza.com">ola@inguza.com</a>><br>
> Annebergsslingan 37 \<br>
> | <a href="mailto:opal@debian.org">opal@debian.org</a> <mailto:<a href="mailto:opal@debian.org">opal@debian.org</a>> 654 65<br>
> KARLSTAD |<br>
> | <a href="http://inguza.com/" rel="noreferrer" target="_blank">http://inguza.com/</a> Mobile: <a href="tel:%2B46%20%280%2970-332%201551" value="+46703321551">+46 (0)70-332 1551</a> |<br>
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /<br>
> ---------------------------------------------------------------<br>
><br>
<br>
</blockquote></div>