<p dir="ltr">For those using proxmox, they are aware of it as well and released a patch to their "pve-test" repository. </p>
<p dir="ltr"><a href="http://forum.proxmox.com/threads/22127-Venom-vulnerablity">http://forum.proxmox.com/threads/22127-Venom-vulnerablity</a></p>
<div class="gmail_quote">On May 14, 2015 8:40 AM, "Laws, Peter C." <<a href="mailto:plaws@ou.edu">plaws@ou.edu</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">VirtualBox/Mac didn't have an update last night but they do now.<br>
<br>
--<br>
Peter Laws / N5UWY<br>
National Weather Center / Network Operations Center<br>
University of Oklahoma Information Technology<br>
<a href="mailto:plaws@ou.edu">plaws@ou.edu</a> (Remote)<br>
College of Architecture, Division of Regional and City Planning, MRCP '16<br>
________________________________________<br>
From: Skaggs, Gary A. [<a href="mailto:gskaggs@ou.edu">gskaggs@ou.edu</a>]<br>
Sent: Wednesday, May 13, 2015 20:19<br>
To: NITC Distribution List<br>
Subject: [nitc] FW: VENOM vulnerability<br>
<br>
For all of you running VMs, a good/timely read.<br>
<br>
Gary<br>
<br>
<br>
From: <Kurz>, "Kenneth J." <<a href="mailto:kkurz@ou.edu">kkurz@ou.edu</a><mailto:<a href="mailto:kkurz@ou.edu">kkurz@ou.edu</a>>><br>
Date: Wednesday, May 13, 2015 at 7:32 PM<br>
To: Norman-Networking <<a href="mailto:network@ou.edu">network@ou.edu</a><mailto:<a href="mailto:network@ou.edu">network@ou.edu</a>>>, "Security (Norman)" <<a href="mailto:security@ou.edu">security@ou.edu</a><mailto:<a href="mailto:security@ou.edu">security@ou.edu</a>>>, unix_group <<a href="mailto:unix@ou.edu">unix@ou.edu</a><mailto:<a href="mailto:unix@ou.edu">unix@ou.edu</a>>>, "Steward, Shad (HSC)" <<a href="mailto:Shad-Steward@ouhsc.edu">Shad-Steward@ouhsc.edu</a><mailto:<a href="mailto:Shad-Steward@ouhsc.edu">Shad-Steward@ouhsc.edu</a>>>, "Saliba, Dana M. (HSC)" <<a href="mailto:Dana-Saliba@ouhsc.edu">Dana-Saliba@ouhsc.edu</a><mailto:<a href="mailto:Dana-Saliba@ouhsc.edu">Dana-Saliba@ouhsc.edu</a>>>, "Moore, Randy W. (HSC)" <<a href="mailto:Randy-Moore@ouhsc.edu">Randy-Moore@ouhsc.edu</a><mailto:<a href="mailto:Randy-Moore@ouhsc.edu">Randy-Moore@ouhsc.edu</a>>>, "Smith, Bryan E. (IT) (HSC)" <<a href="mailto:Bryan-E-Smith@ouhsc.edu">Bryan-E-Smith@ouhsc.edu</a><mailto:<a href="mailto:Bryan-E-Smith@ouhsc.edu">Bryan-E-Smith@ouhsc.edu</a>>>, "Bighorse, Aaron L." <<a href="mailto:bighorse@ou.edu">bighorse@ou.edu</a><mailto:<a href="mailto:bighorse@ou.edu">bighorse@ou.edu</a>>>, "George, Kendall A." <<a href="mailto:kendallg@ou.edu">kendallg@ou.edu</a><mailto:<a href="mailto:kendallg@ou.edu">kendallg@ou.edu</a>>><br>
Subject: VENOM vulnerability<br>
<br>
All,<br>
<br>
Attached is the best summary I’ve seen about the VENOM vulnerability that is making headlines. It is a vulnerability than can open access to host systems (once a running VM is compromised) and all other VM’s running on a host. VMWare and Hyper-V are NOT affected.<br>
<br>
The reason I forwarded on is I know there are a number of people running Virtualbox, ubuntu, redhat, etc, to run VMs. They are all affected. As well as products by Fireeye, F5, others, etc. Info is at the link below.<br>
<br>
<a href="http://venom.crowdstrike.com/" target="_blank">http://venom.crowdstrike.com/</a><br>
<br>
Ken<br>
<br>
-----------------------------------------------<br>
Ken Kurz, CISSP<br>
Executive Director, Networking, Information Security & Risk Management<br>
University of Oklahoma Information Technology<br>
<a href="tel:405-325-6441" value="+14053256441">405-325-6441</a> – O<br>
<a href="tel:405-534-6079" value="+14055346079">405-534-6079</a> – C<br>
<a href="http://www.ou.edu/ouit" target="_blank">www.ou.edu/ouit</a><<a href="http://www.ou.edu/ouit" target="_blank">http://www.ou.edu/ouit</a>><br>
-----------------------------------------------<br>
<br>
<br>
---<br>
<br>
You are currently subscribed to nitc as: <a href="mailto:plaws@ou.edu">plaws@ou.edu</a><mailto:<a href="mailto:plaws@ou.edu">plaws@ou.edu</a>> .<br>
<br>
To unsubscribe click here: <a href="http://lists.nwc.ou.edu/u?id=1311.7bb060764a818184ebb1cc0d43d382aa&n=T&l=nitc&o=706549" target="_blank">http://lists.nwc.ou.edu/u?id=1311.7bb060764a818184ebb1cc0d43d382aa&n=T&l=nitc&o=706549</a><br>
<br>
(It may be necessary to cut and paste the above URL if the line is broken)<br>
<br>
or send a blank email to <a href="mailto:leave-706549-1311.7bb060764a818184ebb1cc0d43d382aa@lists.nwc.ou.edu">leave-706549-1311.7bb060764a818184ebb1cc0d43d382aa@lists.nwc.ou.edu</a><mailto:<a href="mailto:leave-706549-1311.7bb060764a818184ebb1cc0d43d382aa@lists.nwc.ou.edu">leave-706549-1311.7bb060764a818184ebb1cc0d43d382aa@lists.nwc.ou.edu</a>><br>
<br>
<br>
---<br>
You are currently subscribed to nitc as: <a href="mailto:brianhart@ou.edu">brianhart@ou.edu</a>.<br>
To unsubscribe click here: <a href="http://lists.nwc.ou.edu/u?id=7885.5c22590152f4f53f3c05cf7cc6aa0b6b&n=T&l=nitc&o=707549" target="_blank">http://lists.nwc.ou.edu/u?id=7885.5c22590152f4f53f3c05cf7cc6aa0b6b&n=T&l=nitc&o=707549</a><br>
or send a blank email to <a href="mailto:leave-707549-7885.5c22590152f4f53f3c05cf7cc6aa0b6b@lists.nwc.ou.edu">leave-707549-7885.5c22590152f4f53f3c05cf7cc6aa0b6b@lists.nwc.ou.edu</a><br>
</blockquote></div>
<p>---</p>
<p>You are currently subscribed to nitc as: <a href="mailto:woc-notify@list.woc.noaa.gov">woc-notify@list.woc.noaa.gov</a>
.</p>
<p>To unsubscribe click here: <a href="http://lists.nwc.ou.edu/u?id=47164.3d6e8cdf62c3b687501808cc1203704d&n=T&l=nitc&o=707551">http://lists.nwc.ou.edu/u?id=47164.3d6e8cdf62c3b687501808cc1203704d&n=T&l=nitc&o=707551</a>
</p>
<p>(It may be necessary to cut and paste the above URL if the line is broken)</p>
<p>or send a blank email to <a href="mailto:leave-707551-47164.3d6e8cdf62c3b687501808cc1203704d@lists.nwc.ou.edu">leave-707551-47164.3d6e8cdf62c3b687501808cc1203704d@lists.nwc.ou.edu</a>
</p>