perfSONAR Announcements

[Michael Johnson <>]

All,

New web100 kernel packages are now available for users of the perfSONAR 
toolkit. You may run 'yum update' to grab the new kernel. You should restart 
your host after the upgrade completes. Full details on this particular patch 
can be found in the previous email.

Note this is just a kernel upgrade and the other perfSONAR packages have NOT 
been updated. Please let us know if you have any questions or issues.

Also note that the CentOS project released another new kernel while we were 
in the process of building the one referenced in the previous e-mail. That 
update is also included in this release. For more information about that CVE, 
see here:
https://rhn.redhat.com/errata/RHBA-2016-1185.html

Thank you,
The perfSONAR Team


On Thu, May 26, 2016 at 10:26:10AM -0400, Michael Johnson wrote:
> Hi,
>
> May 10 marked the release of a new Red Hat CVE:
>
> https://rhn.redhat.com/errata/RHSA-2016-0855.html
>
> CentOS just released new kernel source RPMs.
>
> A 'yum update' may give you a new non-web100 kernel and therefore break 
> access to NDT/NPAD. Consult our FAQ for more info: 
> http://www.perfsonar.net/about/faq/#Q25
>
> Our read of the CVE does not find any issue of concern specific to the 
> toolkit. It is possible the host may be vulnerable to some types of DoS 
> attacks in some particular cases. If you are in doubt about your kernel, feel 
> free to review the CVE,  upgrade to the latest version, and forgo NDT/NPAD 
> support for the time being.  We are in the process of building and testing a 
> new kernel, and will alert you when we have our web100 patched version 
> available. We'll try to have it ready as soon as possible.
>
> Thank you for your patience,
> The perfSONAR Team
>
> --
> Michael Johnson
> GlobalNOC Software Engineering
> Indiana University
>
> 812-856-2771



--
Michael Johnson
GlobalNOC Software Engineering
Indiana University

812-856-2771

Attachment: pgpnnhU7W7JWD.pgp
Description: PGP signature