cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <rohit.ya...@shapeblue.com>
Subject Re: [VOTE] 4.11.3.0 RC1
Date Tue, 18 Jun 2019 20:32:34 GMT
Hi Wei, the workaround is only necessary when kernel security patch cannot be applied and afterwards
the host cannot be rebooted. For 4.11.3.0 rc1, the new systemvmtemplate has the latest kernel
security patch.

Regards.

Regards,
Rohit Yadav

________________________________
From: Wei ZHOU <ustcweizhou@gmail.com>
Sent: Wednesday, June 19, 2019 12:02:46 AM
To: dev@cloudstack.apache.org
Subject: Re: [VOTE] 4.11.3.0 RC1

Hi Rohit,

Do we need to change default iptable tables for cpvm and ssvm ?

# iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
# ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j
DROP
(see https://access.redhat.com/security/vulnerabilities/tcpsack)

-Wei


Rohit Yadav <rohit.yadav@shapeblue.com> 于2019年6月18日周二 上午11:57写道:

> All,
>
>
> Due to recently disclosed and fixed tcp/SACK vulnerability and other
> security issues (refer https://www.debian.org/security/2019/dsa-4465),
> I've rebuilt and synced new 4.11.3.0 systemvmtemplates which has linux
> 4.9.168-1+deb9u3 (2019-06-16):
>
>
> http://download.cloudstack.org/systemvm/testing/4.11.3-rc
>
> http://packages.shapeblue.com/testing/systemvm/41130rc1
>
>
> Kindly continue testing 4.11.3.0 RC1 using above systemvmtemplates. Thanks.
>
>
> Build log for reference:
> http://download.cloudstack.org/systemvm/testing/4.11.3-rc/build.log
>
>
> Regards,
>
> Rohit Yadav
>
> Software Architect, ShapeBlue
>
> https://www.shapeblue.com
>
> ________________________________
> From: Riepl, Gregor (SWISS TXT) <Gregor.Riepl@swisstxt.ch>
> Sent: Friday, June 14, 2019 7:45:58 PM
> To: dev@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: Re: [VOTE] 4.11.3.0 RC1
>
> +1
>
> Based on:
> - Packages from http://packages.shapeblue.com/testing/41130rc1/ and
> http://packages.shapeblue.com/testing/systemvm/41130rc1/
> - Upgrade of our test cloud from 4.11.2 to 4.11.3 worked without problems
> (aside from the mentioned template issue)
> - Our internal smoke test stack ran successfully
>
> The only thing I'm a bit unhappy about is the backported ostype API fix:
> https://github.com/apache/cloudstack/pull/3066
> Since this is a breaking API change, I don't think it should be included
> in a minor release, even if it fixes an API bug.
> It triggers an error in Packer, which we use to create templates.
> However, a fix was already commited and will be in the next Packer
> release, so I'm ok'ing it: https://github.com/hashicorp/packer/pull/7694
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com<http://www.shapeblue.com>
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

rohit.yadav@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message