Skip to Content.
Sympa Menu

perfsonar-announce - RedHat CVE for pSPT 3.3.x Releases

Subject: perfSONAR Announcements

List archive

RedHat CVE for pSPT 3.3.x Releases


Chronological Thread 
  • From: Jason Zurawski <>
  • To: "" <>, perfsonar-announce <>
  • Cc: "" <>
  • Subject: RedHat CVE for pSPT 3.3.x Releases
  • Date: Thu, 27 Mar 2014 10:06:15 -0400

Greetings;

A new Red Hat CVE was announced that is related to the Kernel in use on
CentOS 6/pSPT 3.3.x systems:

https://rhn.redhat.com/errata/RHSA-2014-0328.html

If you are a NetInstall user, a 'yum update' may give you a new non-web100
kernel and therefore break access to NDT/NPAD. Consult our FAQ for more info:

http://psps.perfsonar.net/toolkit/FAQs.html#Q30

Our read of the CVE does not find any issue of concern specific to the
toolkit software. There are vulnerabilities in via the system itself that
could lead to local users crashing the system, as well as a remote exploit
that could result in a DoS in rare situations. As always, if you are in
doubt about the kernel review the CVE and upgrade to the latest version,
forgoing NDT/NPAD support for the time being.

The project is in the process of building and testing a new kernel, and will
alert you via these mailing lists when we have the web100 patched version
available. We will try to have this ready as soon as possible, but please
allow us several days of building and testing.

Thank you for your patience and commitment to this software;

-jason



  • RedHat CVE for pSPT 3.3.x Releases, Jason Zurawski, 03/27/2014

Archive powered by MHonArc 2.6.16.

Top of Page