[Fwd: Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities]
sorry, this proposed boilerplate change was meant to go to the list, not just to dann. Thanks for all your work, folks. --dkg ---BeginMessage--- On 03/10/2010 04:53 PM, dann frazier wrote: On Wed, Mar 10, 2010 at 04:09:48PM -0500, Daniel Kahn Gillmor wrote: So would the 4th be fixed if i went ahead and rebuilt from the kvm_source package referenced by DSA-2010-1? Yes. Thank you for your prompt explanations, and for your patience, dann. I think i understand the situation now. Here is proposed boilerplate for future notices like this about kvm: Where it used to say: We recommend that you upgrade your kvm package. It could say: We recommend that you upgrade your kvm package. If your system is currently using a kvm-modules package built from previous versions of the kvm-source package, we recommend that you upgrade your kvm-source package, re-build a new kvm-modules package and install it. You should subsequently unload the old kvm modules from your kernel and reload the newly built kernel modules. The simplest way to accomplish this kernel module unload/reload is a system restart. Feel free to edit it as you see fit, of course. Regards, --dkg signature.asc Description: OpenPGP digital signature ---End Message--- signature.asc Description: OpenPGP digital signature
Re: [Fwd: Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities]
On Wed, 10 Mar 2010 17:21:45 -0500, Daniel Kahn Gillmor wrote: We recommend that you upgrade your kvm package. If your system is currently using a kvm-modules package built from previous versions of the kvm-source package, we recommend that you upgrade your kvm-source package, re-build a new kvm-modules package and install it. You should subsequently unload the old kvm modules from your kernel and reload the newly built kernel modules. The simplest way to accomplish this kernel module unload/reload is a system restart. a restart is (almost) never the answer. i think a better approach would be the following simple instructions if you have previously installed the kvm modules on your system, they need to be refreshed following an upgrade of your kvm packages. please execute the following commands as root after the new packages are installed: # m-a a-i kvm-source # modprobe kvm mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100310174410.1e99b2e5.michael.s.gilb...@gmail.com
Re: [Fwd: Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities]
On Wed, Mar 10, 2010 at 05:44:10PM -0500, Michael Gilbert wrote: On Wed, 10 Mar 2010 17:21:45 -0500, Daniel Kahn Gillmor wrote: We recommend that you upgrade your kvm package. If your system is currently using a kvm-modules package built from previous versions of the kvm-source package, we recommend that you upgrade your kvm-source package, re-build a new kvm-modules package and install it. You should subsequently unload the old kvm modules from your kernel and reload the newly built kernel modules. The simplest way to accomplish this kernel module unload/reload is a system restart. a restart is (almost) never the answer. i think a better approach would be the following simple instructions if you have previously installed the kvm modules on your system, they need to be refreshed following an upgrade of your kvm packages. please execute the following commands as root after the new packages are installed: # m-a a-i kvm-source # modprobe kvm If kvm is running, the above commands will succeed w/o error - but still leave you with a vulnerable system. You would need to shutdown all users of kvm and unload the existing module as well. -- dann frazier -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100311004114.ge1...@lackof.org