perfSONAR Announcements

[Jason Zurawski <>]

Greetings;

A reminder following Andy's note last week - If you haven't done so, please 
take a moment to update your perfSONAR nodes to protect against the 
shellshock vulnerability (https://access.redhat.com/articles/1212303).  That 
means:

 - If you are a LiveCD user, download the new version, burn, and reboot

 - If you are a netinstall user, 'yum update' and reboot

This is a serious issue for all systems that use bash, e.g. pS nodes and 
non-pS nodes, and there are emerging reports of un-patched machines being 
harvested for botnets.  News stories this morning seem to hint that things 
could still get worse:

        
http://it.slashdot.org/story/14/09/29/024239/bash-to-require-further-patching-as-more-shellshock-holes-found

In the coming days we will continue to monitor security feeds and alert the 
community to additional news as it becomes available.  If we see upstream 
warnings, we will send them along to these 2 lists first.  If you have any 
reason to believe a machine has been compromised - remove it from the network 
and re-install immediately.  

Please relay any questions you might have to 
.
  

Thanks;

-jason

On Sep 26, 2014, at 9:59 AM, Andrew Lake 
<>
 wrote:

> Hi all,
> 
> Another new LiveCD has been posted with the bash fixes posted last night: 
> http://software.internet2.edu/pS-Performance_Toolkit/. See 
> https://rhn.redhat.com/errata/RHSA-2014-1306.html for details on the fix 
> applied. 
> 
> As stated before NetInstall users just need to run 'yum update'. Also, the 
> NetInstall ISO will not be updated because it by definition pulls down the 
> latest packages so should get the fixes anytime someone does a new install.
> 
> Thanks,
> Andy
> 
> 
> 
> On Sep 25, 2014, at 9:20 AM, Andrew Lake 
> <>
>  wrote:
> 
>> Hi,
>> 
>> Thanks for pointing that out, I should have highlighted that in my note. 
>> We will likely do a follow-up ISO when that occurs. Since we don't have 
>> control over that timeframe, it could be later today or could be further 
>> out. You may end-up burning a couple ISOs in close succession if something 
>> close to the former is the case. As usual, we'll do our best to keep 
>> everyone posted. 
>> 
>> Thanks,
>> Andy
>> 
>> On Sep 25, 2014, at 9:12 AM, "Christoph.Galuschka" 
>> <>
>>  wrote:
>> 
>>> Hi all,
>>>  
>>> it is also very likely that there will be a followup patch coming soon, 
>>> as the first one seems to have been incomplete.
>>> See also this link:
>>> https://access.redhat.com/articles/1200223
>>>  
>>> cheers
>>> Christoph
>>>  
>>>> Andrew Lake 
>>>> <>
>>>>  hat am 25. September 2014 um 15:06 geschrieben: 
>>>> 
>>>> Hi all,
>>>>  
>>>> Yesterday CentOS announced a critical bash vulnerability (see Jason's 
>>>> note that was sent to the perfSONAR lists copied below). We now have new 
>>>> LiveCDs and LiveUSBs available for users of those installation types at  
>>>> http://software.internet2.edu/pS-Performance_Toolkit/
>>>>  
>>>> As Jason noted yesterday, users of the NetInstall can simply run 'yum 
>>>> update' to get the new fixes. Also, since we almost always get asked in 
>>>> situations like this, if you are planning to do a new NetInstall but 
>>>> notice that the NetInstall ISO was not updated, that is because it will 
>>>> grab the latest packages at install time automatically. In other words, 
>>>> it will just work and you will get all the latest stuff, no new ISO 
>>>> required. Please let us know if you have any questions.
>>>>  
>>>> Thank you,
>>>> Andy
>>>>  
>>>  
>>>> CentOS-QA member | IRC: tigalch