cloudstack-users-cn mailing list archives

Subject CloudStack and the "Ghost" glibc vulnerability
Date Thu, 29 Jan 2015 03:20:53 GMT
UPDATE: mitigation instructions have been improved (don't update
openswan) and we forgot to mention rebooting.
UPDATE: Links to updated System VM templates are now below

Yesterday, a buffer overflow vulnerability was announced in glibc that
affects most current Linux distributions. In CloudStack, the system
VMs contain a vulnerable version of glibc.

CloudStack community members have built an updated system VM template,
which ShapeBlue is hosting at (More information on
the packages at

For instructions on how to update the SystemVM template in CloudStack, see here.

For those who wish to patch their running system VMs, ssh into each one and run:

apt-mark hold openswan
apt-get clean
apt-get update && apt-get upgrade

After updating glibc, the system will need to be rebooted.

Information about how to connect to your System VMs is available here.

Other CloudStack-related systems may be affected!

Please review security updates from Linux distributions you use on
your management server, storage systems, hypervisors, as well as other
Linux VMs and bare-metal systems running in your environments. This
post provides instructions for determining if a system is vulnerable,
as well as patching directions for common Linux distributions.

白清杰 (Born Bai)
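
The following is an added example, not part of the original message or of CloudStack's own tooling: a post-patch check for a system VM that lists processes still mapping the replaced glibc (which is why the reboot is needed) and confirms the openswan hold. The function names and the sample /proc tree are constructed for illustration; `is_held` expects the output of `apt-mark showhold` on stdin.

```shell
#!/bin/sh
# A library replaced on disk stays mapped in running processes and appears in
# /proc/<pid>/maps with a " (deleted)" suffix until the process restarts.

# Print the PIDs (sorted, one per line) under proc root $1 (default /proc)
# whose maps still reference a deleted libc.
stale_libc_pids() {
    local root="${1:-/proc}" maps pid
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done | sort -n
}

# Succeed if package $1 is in the hold list read from stdin
# (one package name per line, as printed by `apt-mark showhold`).
is_held() {
    grep -Fxq -- "$1"
}

# Constructed sample: a fake /proc tree with one process still on the old
# libc (PID 101) and one started after the upgrade (PID 202).
make_sample_proc() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    printf '%s\n' \
      '7f10a0000000-7f10a017d000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.13.so (deleted)' \
      > "$root/101/maps"
    printf '%s\n' \
      '7f20b0000000-7f20b017d000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.13.so' \
      > "$root/202/maps"
    echo "$root"
}

sample="$(make_sample_proc)"
echo "stale PIDs in constructed sample: $(stale_libc_pids "$sample")"
rm -rf "$sample"
```

On a real system VM, run `stale_libc_pids` with no argument as root and `apt-mark showhold | is_held openswan`; an empty PID list after the reboot means nothing is still running the old library.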

