Skip to Content.
Sympa Menu

perfsonar-announce - Reminder - Patch Systems Immediately to Reduce Shellshock Risk

Subject: perfSONAR Announcements

List archive

Reminder - Patch Systems Immediately to Reduce Shellshock Risk

Chronological Thread 
  • From: Jason Zurawski <>
  • To: perfsonar-user <>, perfsonar-announce <>
  • Cc:
  • Subject: Reminder - Patch Systems Immediately to Reduce Shellshock Risk
  • Date: Mon, 29 Sep 2014 08:20:17 -0600


A reminder following Andy's note last week - If you haven't done so, please
take a moment to update your perfSONAR nodes to protect against the
shellshock vulnerability ( That

- If you are a LiveCD user, download the new version, burn, and reboot

- If you are a netinstall user, 'yum update' and reboot

This is a serious issue for all systems that use bash, e.g. pS nodes and
non-pS nodes, and there are emerging reports of un-patched machines being
harvested for botnets. News stories this morning seem to hint that things
could still get worse:

In the coming days we will continue to monitor security feeds and alert the
community to additional news as it becomes available. If we see upstream
warnings, we will send them along to these 2 lists first. If you have any
reason to believe a machine has been compromised - remove it from the network
and re-install immediately.

Please relay any questions you might have to



On Sep 26, 2014, at 9:59 AM, Andrew Lake

> Hi all,
> Another new LiveCD has been posted with the bash fixes posted last night:
> See
> for details on the fix
> applied.
> As stated before NetInstall users just need to run 'yum update'. Also, the
> NetInstall ISO will not be updated because it by definition pulls down the
> latest packages so should get the fixes anytime someone does a new install.
> Thanks,
> Andy
> On Sep 25, 2014, at 9:20 AM, Andrew Lake
> <>
> wrote:
>> Hi,
>> Thanks for pointing that out, I should have highlighted that in my note.
>> We will likely do a follow-up ISO when that occurs. Since we don't have
>> control over that timeframe, it could be later today or could be further
>> out. You may end-up burning a couple ISOs in close succession if something
>> close to the former is the case. As usual, we'll do our best to keep
>> everyone posted.
>> Thanks,
>> Andy
>> On Sep 25, 2014, at 9:12 AM, "Christoph.Galuschka"
>> <>
>> wrote:
>>> Hi all,
>>> it is also very likely that there will be a followup patch coming soon,
>>> as the first one seems to have been incomplete.
>>> See also this link:
>>> cheers
>>> Christoph
>>>> Andrew Lake
>>>> <>
>>>> hat am 25. September 2014 um 15:06 geschrieben:
>>>> Hi all,
>>>> Yesterday CentOS announced a critical bash vulnerability (see Jason's
>>>> note that was sent to the perfSONAR lists copied below). We now have new
>>>> LiveCDs and LiveUSBs available for users of those installation types at
>>>> As Jason noted yesterday, users of the NetInstall can simply run 'yum
>>>> update' to get the new fixes. Also, since we almost always get asked in
>>>> situations like this, if you are planning to do a new NetInstall but
>>>> notice that the NetInstall ISO was not updated, that is because it will
>>>> grab the latest packages at install time automatically. In other words,
>>>> it will just work and you will get all the latest stuff, no new ISO
>>>> required. Please let us know if you have any questions.
>>>> Thank you,
>>>> Andy
>>>> CentOS-QA member | IRC: tigalch

Archive powered by MHonArc 2.6.16.

Top of Page