Re: [PLUG] Venom

Keith C. Perry on 15 May 2015 08:53:15 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Venom

From: "Keith C. Perry" <kperry@daotechnologies.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Venom
Date: Fri, 15 May 2015 11:53:09 -0400 (EDT)
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
Thread-index: eiTjhM/4QCG1T8mXhRc6cDvC3gQYCA==
Thread-topic: Venom

LOL, I was just thinking that too Thomas.  This isn't even up on the US-CERT list (though is obviously up on the main CVE site).  The patch is in the QEMU's dev repository (git) but I'm going to wait next QEMU release and just recompile on my VM hosts.  This attack vector would require a number of other security compromises so I wouldn't score it that high.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Owner, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "Thomas Delrue" <delrue.thomas@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Friday, May 15, 2015 11:49:36 AM
Subject: Re: [PLUG] Venom

On 05/15/2015 11:07 AM, Anthony Martin wrote:
> Was wondering what people thought about this and had any suggestions that
> didn't involve having to reboot the hundreds of vms we have.
> https://access.redhat.com/articles/1444903

I stopped caring about 'branded bugs' a while ago... *especially* if
they have a logo
(https://c1.staticflickr.com/9/8710/17595272316_46b040b293_m.jpg)

While I don't agree with everything in the following article, the author
does make a couple of good points:
http://techrights.org/2015/05/14/venom-is-not-a-serious-bug-its-just-a-marketing-campaign-from-crowdstrike/
And I do agree with the conclusion: "How much more of this FUD is going
to circulate before journalists realise (sic) that they make a mountain
out of a molehill?"

If you really want to know which bugs to keep an eye on, I recommend
http://www.cvedetails.com/ and other sites like it instead of 'journalists'.
[cynicism off]
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Venom
  - From: Anthony Martin <anthony.j.martin142@gmail.com>
- Re: [PLUG] Venom
  - From: Thomas Delrue <delrue.thomas@gmail.com>

Prev by Date: Re: [PLUG] Venom
Next by Date: Re: [PLUG] Venom
Previous by thread: Re: [PLUG] Venom
Next by thread: Re: [PLUG] Venom
Index(es):
- Date
- Thread