Hey, that makes no difference. The broken code is also being loaded when no floppy device is assigned to a VM. Proxmox is vulnerable against this. I already fixed that in my environment.
--- Henry Spanka > On 14 May 2015, at 12:00, [email protected] wrote: > > Send pve-user mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of pve-user digest..." > > > Today's Topics: > > 1. Re: Venom exploit? (Iosif Peterfi) > 2. Re: missing options (richard lucassen) > 3. Re: missing options (richard lucassen) > 4. Re: ERROR: unable to connect to VM 105 qmp socket - timeout > after 31 retries ([SOLTECSIS] Carles Xavier Munyoz Bald?) > 5. Re: missing options (richard lucassen) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 14 May 2015 07:39:51 +0200 > From: Iosif Peterfi <[email protected]> > To: "[email protected]" <[email protected]> > Subject: Re: [PVE-User] Venom exploit? > Message-ID: > <CA+M5w7vT=pd60q6C2q-6En9c-=0ysab1ovcw6yzqewfsmfj...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Does this bug affects Proxmox ? As far as I'm aware, there's no option to > add Floppy device to the VMs, not through the GUI at least. > > On Wed, May 13, 2015 at 11:35 PM, Laurent Dumont <[email protected]> > wrote: > >> You have to love the names they come up for CVE's now. I guess marketing >> really works after all. >> >> There seem to be a patch in the works for pve. >> >> http://pve.proxmox.com/pipermail/pve-devel/2015-May/015123.html >> >> >>> On 5/13/2015 4:14 PM, Paul Gray wrote: >>> >>> >>> http://arstechnica.com/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/ >>> >>> Apologies if this has been touched upon elsewhere, but has this been >>> addressed? >>> >>> -PG >>> _______________________________________________ >>> pve-user mailing list >>> [email protected] >>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> >> -- >> Laurent Dumont >> coldnorthadmin.com >> >> >> _______________________________________________ >> pve-user mailing list >> [email protected] >> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://pve.proxmox.com/pipermail/pve-user/attachments/20150514/ac746732/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Thu, 14 May 2015 09:40:42 +0200 > From: richard lucassen <[email protected]> > To: [email protected] > Subject: Re: [PVE-User] missing options > Message-ID: <[email protected]> > Content-Type: text/plain; charset=US-ASCII > > On Wed, 13 May 2015 12:44:37 +0200 > Emmanuel Kasper <[email protected]> wrote: > > The file: > > /usr/share/pve-manager/ext4/pvemanagerlib.js > > is part of the "pve-manager" package. There is a big difference between > the two files of working cluster and the non-working cluster. Is this > file generated or should it be a file with fixed content? (if yes, it > should not be in /usr/share IMHO) > > R. > > -- > ___________________________________________________________________ > It is better to remain silent and be thought a fool, than to speak > aloud and remove all doubt. > > +------------------------------------------------------------------+ > | Richard Lucassen, Utrecht | > +------------------------------------------------------------------+ > > > ------------------------------ > > Message: 3 > Date: Thu, 14 May 2015 09:54:24 +0200 > From: richard lucassen <[email protected]> > To: [email protected] > Subject: Re: [PVE-User] missing options > Message-ID: <[email protected]> > Content-Type: text/plain; charset=US-ASCII > > On Thu, 14 May 2015 09:40:42 +0200 > richard lucassen <[email protected]> wrote: > >> /usr/share/pve-manager/ext4/pvemanagerlib.js > > After a apt-get install --reinstall the files have equal md5sums. > > R. > > -- > ___________________________________________________________________ > It is better to remain silent and be thought a fool, than to speak > aloud and remove all doubt. > > +------------------------------------------------------------------+ > | Richard Lucassen, Utrecht | > +------------------------------------------------------------------+ > > > ------------------------------ > > Message: 4 > Date: Thu, 14 May 2015 10:29:19 +0200 > From: "[SOLTECSIS] Carles Xavier Munyoz Bald?" > <[email protected]> > To: [email protected] > Subject: Re: [PVE-User] ERROR: unable to connect to VM 105 qmp socket > - timeout after 31 retries > Message-ID: <[email protected]> > Content-Type: text/plain; charset=windows-1252 > > Good morning, > We are still having this problem and it is becoming a very serious problem. > > We have several installations of Proxmox and we have seen that it is > happening in all installations with the last Proxmox version (3.4-3) and > with qcow2 disks. > > We have seen that in all installations with Proxmox 3.4-3 and in virtual > machines with qcow2 disks the problem is happening. It happens very > randomly. When one VM has the problem, after rebooting it killing the > kvm process with kill -9, it may go fine several days but then fails again. > > We have seen that in other installations with previos versions of > Proxmox all is going fine. > > All of this make us think that there is a bug in the software included > in the last Proxmox version. > Anyone has had problems like this? > > We are thinking about downgrade Proxmox version to 3.1, is it possible? > How can we do it? > > Best regards. > > > > El 07/05/15 a las 10:55, "[SOLTECSIS] Carles Xavier Munyoz Bald?" escribi?: >> Hello, >> It seems that converting the qcow2 virtual disk file to the last qcow2 >> format solves the problem. >> >> In a virtual machine with the problem, before the conversi?n, the >> qemu-img info comands shows this: >> [...] >> # qemu-img info disk.qcow2.OLD >> image: disk.qcow2.OLD >> file format: qcow2 >> virtual size: 32G (34359738368 bytes) >> disk size: 8.3G >> cluster_size: 65536 >> Format specific information: >> compat: 0.10 >> [...] >> >> After the virtual disk conversion using the command: >> # qemu-img convert -O qcow2 disk.qcow2.OLD disk.qcow2 >> the info command shows: >> [...] >> # qemu-img info disk.qcow2 >> image: disk.qcow2 >> file format: qcow2 >> virtual size: 32G (34359738368 bytes) >> disk size: 8.1G >> cluster_size: 65536 >> Format specific information: >> compat: 1.1 >> lazy refcounts: false >> corrupt: false >> [...] >> >> We are waiting a prudential time in order to conclude that the problem >> is solved, but since the conversion the virtual machines are stable. >> >> The conversion moves the virtual disk qcow2 file from compat: 0.10 to >> compat: 1.1. Is it possible that the software under Proxmox 3.4 is >> incompatible with qcow2 files compat: 0.10? >> As I said in my first e-mail, we were running the virtual machines >> without problems until we upgrade Proxmox from 3.1 to 3.4. >> >> Best regards. >> >> >> El 05/05/15 a las 19:18, "[SOLTECSIS] Carles Xavier Munyoz Bald?" escribi?: >>> More info about the problem ... >>> It seems that the virtual machines lost access to its disks, because >>> there are no logs in the /var/log/syslog file since the problem until de >>> hard reboot. >>> >>> The two virtual machines use qcow2 virtual disks. >>> ?Should I do something in the virtual disks after the upgrade? >>> >>> >>> El 05/05/15 a las 19:14, "[SOLTECSIS] Carles Xavier Munyoz Bald?" escribi?: >>>> Hello, >>>> Yes, I rebooted the entire host server because in the updates where >>>> included a new kernel. >>>> >>>> The problem arises after the upgrade and host server reboot. And it is >>>> not inmediatly after the virtual machines boot, it has happen after >>>> several hours of normal operation and the two virtual machines where not >>>> affected at the same time. >>>> >>>> Thank you for your help. >>>> >>>> >>>> El 05/05/15 a las 19:00, Michael Rasmussen escribi?: >>>>> On Tue, 05 May 2015 18:50:42 +0200 >>>>> "[SOLTECSIS] Carles Xavier Munyoz Bald?" <[email protected]> >>>>> wrote: >>>>> >>>>>> A few hours after upgrade, I have had problems with two different >>>>>> virtual machines, one with Windows and the other one with Linux. The >>>>>> virtual machines have been stopped working. I have tried to access the >>>>>> console of them but it was not possible and in the /var/log/syslogfile I >>>>>> have seen errors like these: >>>>> Did you stop and start the VM's after updating proxmox? >>>>> >>>>> proxmox 3.1 -> 3.4 includes a major upgrade of qemu why a stop and >>>>> start of the VM's is required. >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> pve-user mailing list >>>>> [email protected] >>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>>> >>>> ======================================== >>>> SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L. >>>> Carles Xavier Munyoz Bald? >>>> Departamento de I+D+I >>>> Tel./Fax: 966 446 046 >>>> [email protected] >>>> www.soltecsis.com >>>> ======================================== >>>> >>>> --- >>>> La informaci?n contenida en este e-mail es confidencial, >>>> siendo para uso exclusivo del destinatario arriba mencionado. >>>> Le informamos que est? totalmente prohibida cualquier >>>> utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de >>>> esta comunicaci?n sin autorizaci?n expresa en virtud de la >>>> legislaci?n vigente. Si ha recibido este mensaje por error, >>>> le rogamos nos lo notifique inmediatamente por la misma v?a >>>> y proceda a su eliminaci?n. >>>> --- >>>> _______________________________________________ >>>> pve-user mailing list >>>> [email protected] >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > ======================================== > SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L. > Carles Xavier Munyoz Bald? > Departamento de I+D+I > Tel./Fax: 966 446 046 > [email protected] > www.soltecsis.com > ======================================== > > --- > La informaci?n contenida en este e-mail es confidencial, > siendo para uso exclusivo del destinatario arriba mencionado. > Le informamos que est? totalmente prohibida cualquier > utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de > esta comunicaci?n sin autorizaci?n expresa en virtud de la > legislaci?n vigente. Si ha recibido este mensaje por error, > le rogamos nos lo notifique inmediatamente por la misma v?a > y proceda a su eliminaci?n. > --- > > > ------------------------------ > > Message: 5 > Date: Thu, 14 May 2015 11:04:54 +0200 > From: richard lucassen <[email protected]> > To: [email protected] > Subject: Re: [PVE-User] missing options > Message-ID: <[email protected]> > Content-Type: text/plain; charset=US-ASCII > > On Wed, 13 May 2015 12:44:37 +0200 > Emmanuel Kasper <[email protected]> wrote: > > Having lost too much time on this issue, I decided to apply a > Microsoft solution: do a reinstall. But before that I did some > Microsoft don't-know-why-don't-know-what trial and error. One of > the first things I added was: > > email_from: [email protected] > > (which was one of the differences between the two clusters) > to /etc/pve/datacenter.cfg, reloaded the page and everything was there. > > This seems to be a nice bug. > > R. > > -- > ___________________________________________________________________ > Program complexity grows until it exceeds the capabilities of the > programmer who must maintain it. Laws of Computer Programming, VII > > +------------------------------------------------------------------+ > | Richard Lucassen, Utrecht | > +------------------------------------------------------------------+ > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > pve-user mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > ------------------------------ > > End of pve-user Digest, Vol 86, Issue 15 > ****************************************
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
