
perfsonar-announce - Re: Reminder - Patch Systems Immediately to Reduce Shellshock Risk

Subject: perfSONAR Announcements

  • From: Brian Tierney <>
  • Cc: perfsonar-user <>, perfsonar-announce <>
  • Subject: Re: Reminder - Patch Systems Immediately to Reduce Shellshock Risk
  • Date: Mon, 29 Sep 2014 08:27:53 -0700



On Mon, Sep 29, 2014 at 7:20 AM, Jason Zurawski <> wrote:
Greetings;

A reminder following Andy's note last week - If you haven't done so, please take a moment to update your perfSONAR nodes to protect against the shellshock vulnerability (https://access.redhat.com/articles/1212303).  That means:

 - If you are a LiveCD user, download the new version, burn, and reboot

Or strongly consider installing the netinstall version instead of the LiveCD, so that
future similar issues only require a 'yum update'.
 

 - If you are a netinstall user, 'yum update' and reboot

This is a serious issue for all systems that use bash, e.g. pS nodes and non-pS nodes, and there are emerging reports of un-patched machines being harvested for botnets.  News stories this morning seem to hint that things could still get worse:

        http://it.slashdot.org/story/14/09/29/024239/bash-to-require-further-patching-as-more-shellshock-holes-found

In the coming days we will continue to monitor security feeds and alert the community to additional news as it becomes available.  If we see upstream warnings, we will send them along to these 2 lists first.  If you have any reason to believe a machine has been compromised - remove it from the network and re-install immediately.

Please relay any questions you might have to .

Thanks;

-jason

On Sep 26, 2014, at 9:59 AM, Andrew Lake <> wrote:

> Hi all,
>
> Another new LiveCD has been posted with the bash fixes posted last night: http://software.internet2.edu/pS-Performance_Toolkit/. See https://rhn.redhat.com/errata/RHSA-2014-1306.html for details on the fix applied.
>
> As stated before, NetInstall users just need to run 'yum update'. Also, the NetInstall ISO will not be updated because it by definition pulls down the latest packages so should get the fixes anytime someone does a new install.
>
> Thanks,
> Andy
>
>
>
> On Sep 25, 2014, at 9:20 AM, Andrew Lake <> wrote:
>
>> Hi,
>>
>> Thanks for pointing that out, I should have highlighted that in my note. We will likely do a follow-up ISO when that occurs. Since we don't have control over that timeframe, it could be later today or could be further out. You may end up burning a couple ISOs in close succession if something close to the former is the case. As usual, we'll do our best to keep everyone posted.
>>
>> Thanks,
>> Andy
>>
>> On Sep 25, 2014, at 9:12 AM, "Christoph.Galuschka" <> wrote:
>>
>>> Hi all,
>>>
>>> It is also very likely that there will be a follow-up patch coming soon, as the first one seems to have been incomplete.
>>> See also this link:
>>> https://access.redhat.com/articles/1200223
>>>
>>> cheers
>>> Christoph
>>>
>>>> Andrew Lake <> wrote on 25 September 2014 at 15:06:
>>>>
>>>> Hi all,
>>>>
>>>> Yesterday CentOS announced a critical bash vulnerability (see Jason's note that was sent to the perfSONAR lists copied below). We now have new LiveCDs and LiveUSBs available for users of those installation types at  http://software.internet2.edu/pS-Performance_Toolkit/
>>>>
>>>> As Jason noted yesterday, users of the NetInstall can simply run 'yum update' to get the new fixes. Also, since we almost always get asked in situations like this, if you are planning to do a new NetInstall but notice that the NetInstall ISO was not updated, that is because it will grab the latest packages at install time automatically. In other words, it will just work and you will get all the latest stuff, no new ISO required. Please let us know if you have any questions.
>>>>
>>>> Thank you,
>>>> Andy
>>>>
>>>
>>>> CentOS-QA member | IRC: tigalch



--
Brian Tierney, http://www.es.net/tierney
Energy Sciences Network (ESnet), Berkeley National Lab
http://fasterdata.es.net



