UPDATE: mitigation instructions have been improved (don't update openswan) and we forgot to mention rebooting. UPDATE: Links to updated System VM templates are now below
Yesterday, a buffer overflow vulnerability was announced in glibc that affects most current Linux distributions. In CloudStack, the system VMs contain a vulnerable version of glibc. CloudStack community members have built an updated system VM template, which ShapeBlue is hosting at http://packages.shapeblue.com/systemvmtemplate/ (More information on the packages at http://shapeblue.com/packages). For instructions on how to update the SystemVM template in CloudStack, see here. For those who wish to patch their running system VMs, ssh into each one and run: apt-mark hold openswan apt-get clean apt-get update && apt-get upgrade After updating glibc, the system will need to be rebooted. Information about how to connect to your System VMs is available here. Other CloudStack-related systems may be affected! Please review security updates from Linux distributions you use on your management server, storage systems, hypervisors, as well as other Linux VMs and bare-metal systems running in your environments. This post provides instructions for determining if a system is vulnerable, as well as patching directions for common Linux distributions. -- 白清杰 (Born Bai) Mail: linux...@gmail.com