Posted to users-cn@cloudstack.apache.org by "linuxbqj@gmail.com" <li...@gmail.com> on 2015/01/29 04:20:53 UTC

CloudStack and the "Ghost" glibc vulnerability

UPDATE: mitigation instructions have been improved (don't update
openswan) and we forgot to mention rebooting.
UPDATE: Links to updated System VM templates are now below

Yesterday, a buffer overflow vulnerability was announced in glibc that
affects most current Linux distributions. In CloudStack, the system
VMs contain a vulnerable version of glibc.

CloudStack community members have built an updated system VM template,
which ShapeBlue is hosting at
http://packages.shapeblue.com/systemvmtemplate/ (More information on
the packages at http://shapeblue.com/packages).

For instructions on how to update the SystemVM template in CloudStack, see here.

For those who wish to patch their running system VMs, ssh into each one and run:

apt-mark hold openswan
apt-get clean
apt-get update && apt-get upgrade

After updating glibc, the system will need to be rebooted.

Information about how to connect to your System VMs is available here.

Other CloudStack-related systems may be affected!

Please review security updates from Linux distributions you use on
your management server, storage systems, hypervisors, as well as other
Linux VMs and bare-metal systems running in your environments. This
post provides instructions for determining if a system is vulnerable,
as well as patching directions for common Linux distributions.




-- 
白清杰 (Born Bai)

Mail: linuxbqj@gmail.com
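
The patch steps in the message above (hold openswan, upgrade, reboot) can be checked afterwards on each system VM. The script below is an added example, not part of the original message or of CloudStack; the function names, the `--run` switch and the proc-root parameter are assumptions made for the illustration, and the sample data used to exercise it is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): post-patch checks for a system VM.

# Print the PIDs whose memory map still references a libc file that has been
# replaced on disk, i.e. processes still running the pre-upgrade glibc.
# $1 is the proc root; it defaults to /proc and is a parameter (an assumption)
# only so the function can be exercised against a constructed directory tree.
stale_libc_pids() {
    _root="${1:-/proc}"
    for _maps in "$_root"/[0-9]*/maps; do
        [ -r "$_maps" ] || continue
        # Matches e.g. ".../libc-2.13.so (deleted)" or ".../libc.so.6 (deleted)"
        if grep -Eq '/libc[-.][^ /]*so[^ /]* \(deleted\)$' "$_maps" 2>/dev/null; then
            _pid="${_maps%/maps}"
            echo "${_pid##*/}"
        fi
    done
}

# Succeed if package $1 appears in the hold list read from stdin
# (the format of `apt-mark showhold` output: one package name per line).
is_held() {
    grep -Fxq "$1"
}

# Hypothetical wrapper: warn if openswan is not held or a reboot is still due.
check_system_vm() {
    rc=0
    if ! apt-mark showhold | is_held openswan; then
        echo "WARN: openswan is not on hold; apt-get upgrade may update it"
        rc=1
    fi
    stale="$(stale_libc_pids /proc | tr '\n' ' ')"
    if [ -n "$stale" ]; then
        echo "WARN: reboot pending, old libc still mapped by PIDs: $stale"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: openswan held, no process maps a replaced libc"
    return "$rc"
}

# Run the checks only when invoked with --run (as root, to read every maps file).
if [ "${1:-}" = "--run" ]; then
    check_system_vm
fi
```

A non-empty PID list after `apt-get upgrade` means those processes still run the old glibc, which is why the reboot step matters.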