Thursday, May 14, 2015

VENOM vulnerability (CVE-2015-3456)

For those of you who have Linodes and are curious or concerned about the recent VENOM (CVE-2015-3456) vulnerability, this Linode blog entry describes the vulnerability and why Linode VPSs aren't affected.

Even if you have no Linode, it would behoove you to understand the vulnerability so that you can ask questions of your VPS provider to ensure you're not affected. Note that this vulnerability affects QEMU, which is an open-source emulator. That means that it's free (as in source and beer) and that it is most likely in widespread use. Many IT security products use virtualization, and if they're using QEMU, that's a problem. This can be as widespread an issue as Heartbleed was.

I'll be sure to post as I discover more information about this vulnerability.
