10/28/14 Virtuozzo Container Breakout (#PSBM-29594)

Geek

Technolojesus
Verified Provider
http://kb.sp.parallels.com/en/123301 --- will probably start to see patches from KC/KS in the next couple hours (hopefully)

  • A vulnerability in the RHEL6-based kernel discovered during internal security audit could allow access to the host filesystem from inside a Container. Only the kernels from 2.6.32-042stab057.1 to 2.6.32-042stab093.5 are affected. Kernel update is highly recommended. (#PSBM-29594)
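
A host-side check for the affected range quoted in the advisory above, as an added example that is not part of the original thread or of any Parallels tooling. The function names, the inventory format and the sample hosts are constructed for illustration; it assumes release strings of the form 2.6.32-042stabNNN.M with M below 1000.

```shell
#!/bin/sh
# Added example (not from the thread): flag kernels inside the advisory's
# affected range, 2.6.32-042stab057.1 through 2.6.32-042stab093.5 inclusive.

# Turn "2.6.32-042stabNNN.M" into a sortable integer NNN*1000+M.
# Assumption: M stays below 1000. Prints nothing for other kernel strings.
stab_key() {
    printf '%s\n' "$1" | awk -F'042stab' '
        /^2\.6\.32-042stab[0-9]+\.[0-9]+/ {
            split($2, p, /[^0-9]/)          # p[1]=NNN, p[2]=M
            printf "%d\n", p[1] * 1000 + p[2]
        }'
}

# Prints: affected | not-in-range | not-applicable
classify_kernel() {
    key=$(stab_key "$1")
    if [ -z "$key" ]; then
        echo "not-applicable"               # not a 2.6.32-042stab kernel
    elif [ "$key" -ge 57001 ] && [ "$key" -le 93005 ]; then
        echo "affected"
    else
        echo "not-in-range"
    fi
}

# Reads "host kernel-release" lines on stdin, prints the affected hosts.
affected_hosts() {
    while read -r host release; do
        [ -n "$host" ] || continue
        [ "$(classify_kernel "$release")" = "affected" ] && echo "$host"
    done
    return 0
}

# Constructed inventory for illustration; in practice collect `uname -r` per node.
SAMPLE_INVENTORY='node-a 2.6.32-042stab057.1
node-b 2.6.32-042stab093.5
node-c 2.6.32-042stab094.7
node-d 2.6.32-042stab056.9
node-e 3.10.0-123.el7.x86_64'

printf '%s\n' "$SAMPLE_INVENTORY" | affected_hosts
```

"not-in-range" only means the release falls outside the range the advisory states; it says nothing about other fixes a kernel may lack.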
 

Francisco

Company Lube
Verified Provider
It could be that it only affects Virtuozzo.

They don't use SIMFS, they use some funky overlay/hardlinks deal.

Francisco
 

Geek

Technolojesus
Verified Provider
It could be that it only affects Virtuozzo.


They don't use SIMFS, they use some funky overlay/hardlinks deal.


Francisco

Possibly.  I've been going back and forth on Skype with one of the OpenVZ contributors who works with Kir and Konstantin, and the rest... and they're saying that ||s is being particularly quiet about this one, but to watch for updates regardless.  If that's true, at least it was revealed as part of their audit procedures.  -JE
 

Geek

Technolojesus
Verified Provider
Crap. Well, at least it was discovered internally.

Virtuozzo core update 2.6.32-042stab094.7 2014-10-28
This update includes a new Parallels Virtuozzo Containers for Linux 4.7 kernel (2.6.32-042stab090.5) based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.17.1.el6). The new kernel introduces a security fix:
- A critical vulnerability in the legacy simfs Container filesystem was fixed. Containers based on vzfs and ploop filesystems were not affected.
 

Francisco

Company Lube
Verified Provider
Crap. Well, at least it was discovered internally.

Virtuozzo core update 2.6.32-042stab094.7 2014-10-28
This update includes a new Parallels Virtuozzo Containers for Linux 4.7 kernel (2.6.32-042stab090.5) based on the Red Hat Enterprise Linux 6.5 kernel (2.6.32-431.17.1.el6). The new kernel introduces a security fix:
- A critical vulnerability in the legacy simfs Container filesystem was fixed. Containers based on vzfs and ploop filesystems were not affected.
Goddammit.

I guess back I go to testing ploop some more.

Francisco
 