perfsonar-announce - RedHat CVE for pSPT 3.3.x Releases
Subject: perfSONAR Announcements
List archive
- From: Jason Zurawski <>
- To: "" <>, perfsonar-announce <>
- Cc: "" <>
- Subject: RedHat CVE for pSPT 3.3.x Releases
- Date: Thu, 27 Mar 2014 10:06:15 -0400
Greetings;
A new Red Hat CVE was announced that is related to the Kernel in use on
CentOS 6/pSPT 3.3.x systems:
https://rhn.redhat.com/errata/RHSA-2014-0328.html
If you are a NetInstall user, a 'yum update' may give you a new non-web100
kernel and therefore break access to NDT/NPAD. Consult our FAQ for more info:
http://psps.perfsonar.net/toolkit/FAQs.html#Q30
Our read of the CVE does not find any issue of concern specific to the
toolkit software. There are vulnerabilities in via the system itself that
could lead to local users crashing the system, as well as a remote exploit
that could result in a DoS in rare situations. As always, if you are in
doubt about the kernel review the CVE and upgrade to the latest version,
forgoing NDT/NPAD support for the time being.
The project is in the process of building and testing a new kernel, and will
alert you via these mailing lists when we have the web100 patched version
available. We will try to have this ready as soon as possible, but please
allow us several days of building and testing.
Thank you for your patience and commitment to this software;
-jason
- RedHat CVE for pSPT 3.3.x Releases, Jason Zurawski, 03/27/2014
Archive powered by MHonArc 2.6.16.