From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51998)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1YscMY-0006t4-7d
	for qemu-devel@nongnu.org; Wed, 13 May 2015 15:30:39 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pl@kamp.de>) id 1YscMU-0003JN-3v
	for qemu-devel@nongnu.org; Wed, 13 May 2015 15:30:38 -0400
Received: from mx-v6.kamp.de ([2a02:248:0:51::16]:44607 helo=mx01.kamp.de)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <pl@kamp.de>)
	id 1YscMT-0003Hu-Oc
	for qemu-devel@nongnu.org; Wed, 13 May 2015 15:30:34 -0400
Message-ID: <5553A651.3060508@kamp.de>
Date: Wed, 13 May 2015 21:30:25 +0200
From: Peter Lieven <pl@kamp.de>
MIME-Version: 1.0
References: <1431527602-29889-1-git-send-email-jsnow@redhat.com>	<55539D17.7010000@weilnetz.de>
	<55539EFA.6050605@profihost.ag>	<5553A07E.6070608@weilnetz.de>
	<5553A17D.4090308@profihost.ag>
In-Reply-To: <5553A17D.4090308@profihost.ag>
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [Qemu-stable] [PATCH] fdc: force the fifo access
 to be in bounds of the allocated buffer
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Priebe <s.priebe@profihost.ag>, Stefan Weil <sw@weilnetz.de>, John Snow <jsnow@redhat.com>, qemu-stable@nongnu.org, peter.maydell@linaro.org
Cc: Petr Matousek <pmatouse@redhat.com>, qemu-devel@nongnu.org

Am 13.05.2015 um 21:09 schrieb Stefan Priebe:
> Am 13.05.2015 um 21:05 schrieb Stefan Weil:
>> Am 13.05.2015 um 20:59 schrieb Stefan Priebe:
>>>
>>> Am 13.05.2015 um 20:51 schrieb Stefan Weil:
>>>> Hi,
>>>>
>>>> I just noticed this patch because my provider told me that my KVM based
>>>> server
>>>> needs a reboot because of a CVE (see this German news:
>>>> http://www.heise.de/newsticker/meldung/Venom-Schwachstelle-Aus-Hypervisor-ausbrechen-und-VMs-ausspionieren-2649614.html)
>>>>
>>>
>>> Isn't a live migration to a fixed version enough instead of a reboot?
>>>
>>> Stefan
>>
>> Good point. A live migration would be sufficient - if there are no bugs
>> in QEMU's live migration.
>
> just migrating all our customer machines and wanted to be sure that live migration is enough.

Just to confirm: If Qemu is started with -nodefaults and there is no fdc configuration the system is not affected by this CVE?

Thanks,
Peter