[PVE-User] pve-user Digest, Vol 86, Issue 15

Henry Spanka henry at myvirtualserver.de
Thu May 14 12:41:29 CEST 2015


Hey,
that makes no difference. The broken code is also being loaded when no floppy device is
assigned to a VM. Proxmox is vulnerable against this. I already fixed that in my environment.

---

Henry Spanka

> On 14 May 2015, at 12:00, pve-user-request at pve.proxmox.com wrote:
> 
> Send pve-user mailing list submissions to
>    pve-user at pve.proxmox.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> or, via email, send a message with subject or body 'help' to
>    pve-user-request at pve.proxmox.com
> 
> You can reach the person managing the list at
>    pve-user-owner at pve.proxmox.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of pve-user digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Venom exploit? (Iosif Peterfi)
>   2. Re: missing options (richard lucassen)
>   3. Re: missing options (richard lucassen)
>   4. Re: ERROR: unable to connect to VM 105 qmp socket - timeout
>      after 31 retries ([SOLTECSIS] Carles Xavier Munyoz Bald?)
>   5. Re: missing options (richard lucassen)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 14 May 2015 07:39:51 +0200
> From: Iosif Peterfi <iosif.peterfi at gmail.com>
> To: "pve-user at pve.proxmox.com" <pve-user at pve.proxmox.com>
> Subject: Re: [PVE-User] Venom exploit?
> Message-ID:
>    <CA+M5w7vT=pd60q6C2q-6En9c-=0ysAB1Ovcw6yZqeWfSMfJiqg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Does this bug affects Proxmox ? As far as I'm aware, there's no option to
> add Floppy device to the VMs, not through the GUI at least.
> 
> On Wed, May 13, 2015 at 11:35 PM, Laurent Dumont <admin at coldnorthadmin.com>
> wrote:
> 
>> You have to love the names they come up for CVE's now. I guess marketing
>> really works after all.
>> 
>> There seem to be a patch in the works for pve.
>> 
>> http://pve.proxmox.com/pipermail/pve-devel/2015-May/015123.html
>> 
>> 
>>> On 5/13/2015 4:14 PM, Paul Gray wrote:
>>> 
>>> 
>>> http://arstechnica.com/security/2015/05/extremely-serious-virtual-machine-bug-threatens-cloud-providers-everywhere/
>>> 
>>> Apologies if this has been touched upon elsewhere, but has this been
>>> addressed?
>>> 
>>> -PG
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>> 
>> --
>> Laurent Dumont
>> coldnorthadmin.com
>> 
>> 
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20150514/ac746732/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 14 May 2015 09:40:42 +0200
> From: richard lucassen <mailinglists at lucassen.org>
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] missing options
> Message-ID: <20150514094042.e3c7c836a98e417db7517e09 at lucassen.org>
> Content-Type: text/plain; charset=US-ASCII
> 
> On Wed, 13 May 2015 12:44:37 +0200
> Emmanuel Kasper <e.kasper at proxmox.com> wrote:
> 
> The file:
> 
> /usr/share/pve-manager/ext4/pvemanagerlib.js
> 
> is part of the "pve-manager" package. There is a big difference between
> the two files of working cluster and the non-working cluster. Is this
> file generated or should it be a file with fixed content? (if yes, it
> should not be in /usr/share IMHO)
> 
> R.
> 
> -- 
> ___________________________________________________________________
> It is better to remain silent and be thought a fool, than to speak
> aloud and remove all doubt.
> 
> +------------------------------------------------------------------+
> | Richard Lucassen, Utrecht                                        |
> +------------------------------------------------------------------+
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 14 May 2015 09:54:24 +0200
> From: richard lucassen <mailinglists at lucassen.org>
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] missing options
> Message-ID: <20150514095424.fed25ef4bfd4eb85c9f40d47 at lucassen.org>
> Content-Type: text/plain; charset=US-ASCII
> 
> On Thu, 14 May 2015 09:40:42 +0200
> richard lucassen <mailinglists at lucassen.org> wrote:
> 
>> /usr/share/pve-manager/ext4/pvemanagerlib.js
> 
> After a apt-get install --reinstall the files have equal md5sums.
> 
> R.
> 
> -- 
> ___________________________________________________________________
> It is better to remain silent and be thought a fool, than to speak
> aloud and remove all doubt.
> 
> +------------------------------------------------------------------+
> | Richard Lucassen, Utrecht                                        |
> +------------------------------------------------------------------+
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Thu, 14 May 2015 10:29:19 +0200
> From: "[SOLTECSIS] Carles Xavier Munyoz Bald?"
>    <carles at unlimitedmail.org>
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] ERROR: unable to connect to VM 105 qmp socket
>    - timeout after 31 retries
> Message-ID: <55545CDF.5050707 at unlimitedmail.org>
> Content-Type: text/plain; charset=windows-1252
> 
> Good morning,
> We are still having this problem and it is becoming a very serious problem.
> 
> We have several installations of Proxmox and we have seen that it is
> happening in all installations with the last Proxmox version (3.4-3) and
> with qcow2 disks.
> 
> We have seen that in all installations with Proxmox 3.4-3 and in virtual
> machines with qcow2 disks the problem is happening. It happens very
> randomly. When one VM has the problem, after rebooting it killing the
> kvm process with kill -9, it may go fine several days but then fails again.
> 
> We have seen that in other installations with previos versions of
> Proxmox all is going fine.
> 
> All of this make us think that there is a bug in the software included
> in the last Proxmox version.
> Anyone has had problems like this?
> 
> We are thinking about downgrade Proxmox version to 3.1, is it possible?
> How can we do it?
> 
> Best regards.
> 
> 
> 
> El 07/05/15 a las 10:55, "[SOLTECSIS] Carles Xavier Munyoz Bald?" escribi?:
>> Hello,
>> It seems that converting the qcow2 virtual disk file to the last qcow2
>> format solves the problem.
>> 
>> In a virtual machine with the problem, before the conversi?n, the
>> qemu-img info comands shows this:
>> [...]
>> # qemu-img info disk.qcow2.OLD
>> image: disk.qcow2.OLD
>> file format: qcow2
>> virtual size: 32G (34359738368 bytes)
>> disk size: 8.3G
>> cluster_size: 65536
>> Format specific information:
>>    compat: 0.10
>> [...]
>> 
>> After the virtual disk conversion using the command:
>> # qemu-img convert -O qcow2 disk.qcow2.OLD disk.qcow2
>> the info command shows:
>> [...]
>> # qemu-img info disk.qcow2
>> image: disk.qcow2
>> file format: qcow2
>> virtual size: 32G (34359738368 bytes)
>> disk size: 8.1G
>> cluster_size: 65536
>> Format specific information:
>>    compat: 1.1
>>    lazy refcounts: false
>>    corrupt: false
>> [...]
>> 
>> We are waiting a prudential time in order to conclude that the problem
>> is solved, but since the conversion the virtual machines are stable.
>> 
>> The conversion moves the virtual disk qcow2 file from compat: 0.10 to
>> compat: 1.1. Is it possible that the software under Proxmox 3.4 is
>> incompatible with qcow2 files compat: 0.10?
>> As I said in my first e-mail, we were running the virtual machines
>> without problems until we upgrade Proxmox from 3.1 to 3.4.
>> 
>> Best regards.
>> 
>> 
>> El 05/05/15 a las 19:18, "[SOLTECSIS] Carles Xavier Munyoz Bald?" escribi?:
>>> More info about the problem ...
>>> It seems that the virtual machines lost access to its disks, because
>>> there are no logs in the /var/log/syslog file since the problem until de
>>> hard reboot.
>>> 
>>> The two virtual machines use qcow2 virtual disks.
>>> ?Should I do something in the virtual disks after the upgrade?
>>> 
>>> 
>>> El 05/05/15 a las 19:14, "[SOLTECSIS] Carles Xavier Munyoz Bald?" escribi?:
>>>> Hello,
>>>> Yes, I rebooted the entire host server because in the updates where
>>>> included a new kernel.
>>>> 
>>>> The problem arises after the upgrade and host server reboot. And it is
>>>> not inmediatly after the virtual machines boot, it has happen after
>>>> several hours of normal operation and the two virtual machines where not
>>>> affected at the same time.
>>>> 
>>>> Thank you for your help.
>>>> 
>>>> 
>>>> El 05/05/15 a las 19:00, Michael Rasmussen escribi?:
>>>>> On Tue, 05 May 2015 18:50:42 +0200
>>>>> "[SOLTECSIS] Carles Xavier Munyoz Bald?" <carles at unlimitedmail.org>
>>>>> wrote:
>>>>> 
>>>>>> A few hours after upgrade, I have had problems with two different
>>>>>> virtual machines, one with Windows and the other one with Linux. The
>>>>>> virtual machines have been stopped working. I have tried to access the
>>>>>> console of them but it was not possible and in the /var/log/syslogfile I
>>>>>> have seen errors like these:
>>>>> Did you stop and start the VM's after updating proxmox?
>>>>> 
>>>>> proxmox 3.1 -> 3.4 includes a major upgrade of qemu why a stop and
>>>>> start of the VM's is required.
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> pve-user mailing list
>>>>> pve-user at pve.proxmox.com
>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>> 
>>>> ========================================
>>>> SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L.
>>>> Carles Xavier Munyoz Bald?
>>>> Departamento de I+D+I
>>>> Tel./Fax: 966 446 046
>>>> cmunyoz at soltecsis.com
>>>> www.soltecsis.com
>>>> ========================================
>>>> 
>>>> ---
>>>> La informaci?n contenida en este e-mail es confidencial,
>>>> siendo para uso exclusivo del destinatario arriba mencionado.
>>>> Le informamos que est? totalmente prohibida cualquier
>>>> utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de
>>>> esta comunicaci?n sin autorizaci?n expresa en virtud de la
>>>> legislaci?n vigente. Si ha recibido este mensaje por error,
>>>> le rogamos nos lo notifique inmediatamente por la misma v?a
>>>> y proceda a su eliminaci?n.
>>>> ---
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> 
> ========================================
> SOLTECSIS SOLUCIONES TECNOLOGICAS, S.L.
> Carles Xavier Munyoz Bald?
> Departamento de I+D+I
> Tel./Fax: 966 446 046
> cmunyoz at soltecsis.com
> www.soltecsis.com
> ========================================
> 
> ---
> La informaci?n contenida en este e-mail es confidencial,
> siendo para uso exclusivo del destinatario arriba mencionado.
> Le informamos que est? totalmente prohibida cualquier
> utilizaci?n, divulgaci?n, distribuci?n y/o reproducci?n de
> esta comunicaci?n sin autorizaci?n expresa en virtud de la
> legislaci?n vigente. Si ha recibido este mensaje por error,
> le rogamos nos lo notifique inmediatamente por la misma v?a
> y proceda a su eliminaci?n.
> ---
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Thu, 14 May 2015 11:04:54 +0200
> From: richard lucassen <mailinglists at lucassen.org>
> To: pve-user at pve.proxmox.com
> Subject: Re: [PVE-User] missing options
> Message-ID: <20150514110454.2427e12679e29a2ed361b8b5 at lucassen.org>
> Content-Type: text/plain; charset=US-ASCII
> 
> On Wed, 13 May 2015 12:44:37 +0200
> Emmanuel Kasper <e.kasper at proxmox.com> wrote:
> 
> Having lost too much time on this issue, I decided to apply a
> Microsoft solution: do a reinstall. But before that I did some
> Microsoft don't-know-why-don't-know-what trial and error. One of
> the first things I added was:
> 
> email_from: sysop at domain.tld
> 
> (which was one of the differences between the two clusters)
> to /etc/pve/datacenter.cfg, reloaded the page and everything was there.
> 
> This seems to be a nice bug.
> 
> R.
> 
> -- 
> ___________________________________________________________________
> Program complexity grows until it exceeds the capabilities of the
> programmer who must maintain it.  Laws of Computer Programming, VII
> 
> +------------------------------------------------------------------+
> | Richard Lucassen, Utrecht                                        |
> +------------------------------------------------------------------+
> 
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> 
> 
> ------------------------------
> 
> End of pve-user Digest, Vol 86, Issue 15
> ****************************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5272 bytes
Desc: not available
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20150514/19f81f29/attachment-0014.bin>


More information about the pve-user mailing list