OpenVZ Forum


Home » General » Support » vzdev & CVE-2009-1185 ?
vzdev & CVE-2009-1185 ? [message #35732] Sat, 18 April 2009 23:39 Go to next message
mstauber is currently offline  mstauber
Messages: 7
Registered: April 2009
Junior Member
Hi all,

On CentOS5 OS templates we're using vzdev-3.3.13-1.4.swsoft:

Now I'm somewhat wondering if it is affected by the vulnerability listed as CVE-2009-1185 or RHSA-2009:0427-01:

http://linuxcompatible.org/RHSA-20090427-01_Important_udev_s ecurity_update_p127899.html

http://c-skills.blogspot.com/2009/04/udev-trickery-cve-2009- 1185-and-cve.html

The SRPM of vzdev isn't available, nor do I have yet managed to get my hands on the exploit code to test it against one of my CentOS5 VPS's.

Could you guys please take a look at this and if necessary release an updated vzdev?

Thanks!

- Michael Stauber

[Updated on: Sat, 18 April 2009 23:51]

Report message to a moderator

Re: vzdev & CVE-2009-1185 ? [message #35756 is a reply to message #35732] Tue, 21 April 2009 04:54 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
vzdev provides only udev capability.
It doesn't contain udev binary.
"rpm -ql vzdev"

Report message to a moderator

Re: vzdev & CVE-2009-1185 ? [message #35771 is a reply to message #35756] Tue, 21 April 2009 18:16 Go to previous message
mstauber is currently offline  mstauber
Messages: 7
Registered: April 2009
Junior Member
Many thanks for the clarification!

Report message to a moderator

Previous Topic: about openVZ support thread problem
Next Topic: OpenVZ version to install?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Mon Dec 15 16:28:10 GMT 2025

Total time taken to generate the page: 0.11334 seconds
Powered by FUDforum Powered by Virtuozzo Containers