perfSONAR Announcements

[Andrew Lake <>]

Hi all,

Yesterday CentOS announced a critical bash vulnerability (see Jason's note that was sent to the perfSONAR lists copied below). We now have new LiveCDs and LiveUSBs available for users of those installation types at http://software.internet2.edu/pS-Performance_Toolkit/

As Jason noted yesterday, users of the NetInstall can simply run 'yum update' to get the new fixes. Also, since we almost always get asked in situations like this, if you are planning to do a new NetInstall but notice that the NetInstall ISO was not updated, that is because it will grab the latest packages at install time automatically. In other words, it will just work and you will get all the latest stuff, no new ISO required. Please let us know if you have any questions.

Thank you,

Andy

Begin forwarded message:

From: Jason Zurawski <>

Subject: [perfSONAR-developer] Fwd: [CentOS-announce] CESA-2014:1293 Critical CentOS 6 bash Security Update

Date: September 24, 2014 6:46:09 PM EDT

To: "" <>, perfsonar-announce <>

Cc: "" <>

Reply-To: "" <>

Greetings;

Please see below for an announcement from the CentOS project regarding a critical security update to the bash application.  Additional information on the vulnerability can be found at the following URLs:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/security/cve/CVE-2014-6271
http://seclists.org/oss-sec/2014/q3/650

perfSONAR netinstall users are encouraged to run 'yum update' immediately, and pull down the patched version of this package.  This will come from CentOS directly.  

The perfSONAR team is currently rebuilding the LiveCD product for version 3.3, and will announce to these lists when it is available. Concerned parties can power down their LiveCDs for the time being.  

Please relay any questions or concerns regarding this announcement to the developers:

Thanks;

-jason

Begin forwarded message:

From: Johnny Hughes <>
Subject: [CentOS-announce] CESA-2014:1293 Critical CentOS 6 bash Security Update
Date: September 24, 2014 9:10:11 AM MDT
To:
Reply-To:


CentOS Errata and Security Advisory 2014:1293 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1293.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
f17f9e203cc55846a050ce57efd67159e208ef8bd469633a471233e8b9c54a74  bash-4.1.2-15.el6_5.1.i686.rpm
11628832fb279e1bdca2cb8f403f7080fbab9fde554ed6ce3081344f92a93d7a  bash-doc-4.1.2-15.el6_5.1.i686.rpm

x86_64:
eb8e41a4752e64c5c64371e5ae2ddbd5857b1e879832557a89fad195f4ab8f5b  bash-4.1.2-15.el6_5.1.x86_64.rpm
16312fa5b190cd20b8ce2374e8ea2404aa17c849003dd080105e6225fc379df1  bash-doc-4.1.2-15.el6_5.1.x86_64.rpm

Source:
063b6c42042d97a7aa32f8d058947275085a95a1545d1fe018bdc888e4dc093f  bash-4.1.2-15.el6_5.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #

_______________________________________________
CentOS-announce mailing list

http://lists.centos.org/mailman/listinfo/centos-announce