Dear all,
output /proc/meminfo was changed in 042stab120.x kernels.
we had claims that free inside centos7.2 containers showed used=0 in some
situations.
Thank you,
Vasily Averin
On 27.10.2016 14:36, Nick Knutov wrote:
> And it looks something is broken with memory, even with 120.5 - I
And it looks something is broken with memory, even with 120.5 - I see a
lot of containers became with memory usage == memory limit in our
monitoring graphs and `top` says free memory is 0 bytes now inside CT
25.10.2016 19:01, Dmitry Mishin пишет:
For those who missed an announce -
On 25/10/2016 15:01, Dmitry Mishin wrote:
> For those who missed an announce -
> https://openvz.org/Download/kernel/rhel6/042stab120.3 is available since
> 22 Oct.
>
> Thank you,
> Dmitry.
Hi,
There appears to be another kernel released for RHEL 6:
For those who missed an announce -
https://openvz.org/Download/kernel/rhel6/042stab120.3 is available since
22 Oct.
Thank you,
Dmitry.
On 22/10/16 16:07, "users-boun...@openvz.org on behalf of Scott Dowdle"
wrote:
>Greetings,
>
Greetings,
- Original Message -
> > According to the Red Hat bugzilla page
> > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), they
> > claim that EL5 and EL6 are not vulnerable
>
> No, they correctly claim the opposite.
Looking at that URL now (and remember what used to be
On Fri, Oct 21, 2016 at 04:43:16PM -0600, Scott Dowdle wrote:
> I still haven't heard if it has been verified that OpenVZ Legacy is
> vulnerable or not.
It is. Verified. The "pokemon" PoC works on RHEL6 & RHEL5, as long as
you have 2+ logical CPUs.
> According to the Red Hat bugzilla page
>
Apologies, this won't appear in the correct thread, as I was not on this
mailing list until a few moments ago.
Scott Dowdle wrote:
> I haven't tried an exploit program on an OpenVZ Legacy host node to try.
Anyone?
I have successfully exploited a Legacy node, running kernel
2.6.32-042stab055.16
Greetings,
- Original Message -
> > According to the Red Hat bugzilla page
> > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13),
> > they claim that EL5 and EL6 are not vulnerable because
> > /proc/self/mem isn't writable by default.
>
> According to German IT magazine heise.de
Greetings,
- Original Message -
> Are there plans to release new Openvz 6 kernels in repository soon?
For some value of soon I would imagine.
I still haven't heard if it has been verified that OpenVZ Legacy is vulnerable
or not. According to the Red Hat bugzilla page
Hi Scott,
> According to the Red Hat bugzilla page
> (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13),
> they claim that EL5 and EL6 are not vulnerable because
> /proc/self/mem isn't writable by default.
According to German IT magazine heise.de this "default configuration"
implies
Greetings,
I tried some proof of concept code (cowroot.c) on an OpenVZ Legacy host as a
user and it didn't work. Then I made a CentOS container on the same host,
added a user, and tried to run cowroot as a user and it didn't work. When I
say work, I mean the exploit didn't work.
I only
Are there plans to release new Openvz 6 kernels in repository soon?
21.10.2016 22:00, Vasily Averin пишет:
For paid Virtuozzo customers (if any read this)
you can contact support for pre-released kernel.
Also all who affected can prepare fixed kernel by yourself
by using this patch:
Greetings,
- Original Message -
> Does OpenVZ affected by Dirty COW?
>
> What is the best solution to fix it now?
Every kernel released in the last 9 years is affected so far as I can tell.
TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931
For paid Virtuozzo customers (if any read this)
you can contact support for pre-released kernel.
Also all who affected can prepare fixed kernel by yourself
by using this patch:
http://www.spinics.net/lists/stable/msg147964.html
On 21.10.2016 19:39, Vasily Averin wrote:
> yes
> 2.6.22+ are
On Fri, Oct 21, 2016 at 07:39:12PM +0300, Vasily Averin wrote:
> yes
> 2.6.22+ are affected
According to Red Hat, RHEL5 is also affected, but the attack vector for
it is different from what we've seen in published reproducers.
Alexander
___
Users
yes
2.6.22+ are affected
here you can find an system tap script for mitigation:
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
On 21.10.2016 19:22, Nick Knutov wrote:
> Does OpenVZ affected by Dirty COW?
>
> What is the best solution to fix it now?
>
>
Does OpenVZ affected by Dirty COW?
What is the best solution to fix it now?
--
Best Regards,
Nick Knutov
http://knutov.com
ICQ: 272873706
Voice: +7-904-84-23-130
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users
17 matches
Mail list logo