Vulnerability CVE-2015-3456 (VENOM). Updating KVM/QEMU

Yesterday, information was published about the vulnerability CVE-2015-3456, known as VENOM. It affects the KVM/QEMU virtualization stack (KVM being built into the Linux kernel), which is widely used to run VDS nodes. A critical flaw was found in QEMU's emulation of the virtual floppy disk controller; it could potentially allow an attacker to crash a virtual machine or, in some cases, execute arbitrary code on the host. More information about CVE-2015-3456 can be found in the articles USN-2608-1: QEMU vulnerabilities, VENOM: QEMU vulnerability (CVE-2015-3456) and on the Crowdstrike website. Note that no publicly available tools for compromising a host machine are currently known, but they may appear in the future.

Our host machines that serve the VDS clusters run on the latest, current versions of KVM/QEMU. We conduct ongoing security audits of our systems and 24/7 infrastructure monitoring to ensure reliable operation. Nevertheless, on a small number of VDS nodes we will need to install the appropriate updates and reboot the virtual servers. This work will be carried out within the next 48 hours. During this period, virtual servers located on the VDS nodes being updated may be rebooted. Our engineers are currently working on an update procedure that will allow the work to be carried out with minimal impact on user virtual machines.

For clients using dedicated servers as VDS nodes, we strongly recommend that you also update the software.