OpenVZ Kernel jockies...
Anyone like to comment on if they think this could be exploited from a
guest VM to execute code on the host node? This seems pretty serious
and exploits are in the wild.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
http://www.securityfocus.com/archive/1/archive/1/505751/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
Patches are starting to work their way into the distros:
http://lists.debian.org/debian-security-announce/2009/msg00179.html
http://lists.debian.org/debian-security-announce/2009/msg00181.html
I assume we'll need patched kernels quickly.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
