perfSONAR User Q&A and Other Discussion

[Jason Zurawski <>]

Hey Jim/All;

Good question.  If you are a liveCD/USB user:

 - We recommend you yum update as well (no, the packages won't survive a 
reboot)

 - Regen the user cert with the instructions below (this *will* survive the 
reboot since its in /etc)

We will advise the community shortly on replacement builds for the images.  

Thanks;

-jason

On Apr 8, 2014, at 1:10 PM, Jim Warner 
<>
 wrote:

> Jason--
> 
> Are new images available for Live-CD and run-from-USB?
> 
> Thanks
> -jim
> 
> 
> On Tue, Apr 8, 2014 at 9:31 AM, Jason Zurawski 
> <>
>  wrote:
> Thank you for the post Mark, you beat my own authorship of a note by about 
> 5 minutes.  We will be passing along information from the upstream vendor 
> shortly.
> 
> Thanks;
> 
> -jason
> 
> On Apr 8, 2014, at 9:28 AM, Mark Tinberg 
> <>
>  wrote:
> 
> > Any recently updated perfSONAR 3.3 node is likely vulnerable to a 
> > recently discovered issue in OpenSSL 1.0.1 which discloses the private 
> > key, hosts which have the issue will need to have a new private key 
> > generated and signed after replacing the SSL library.  Data which was 
> > transmitted over SSL from the time OpenSSL 1.0.1 was installed (which was 
> > available 2013-12-03) such as passwords which could have been intercepted 
> > may be decrypted after the fact using the private key (unless the 
> > SSLCipherSuite has been modified to only allow ciphers which have Forward 
> > Secrecy).
> >
> > http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
> >
> > further information
> >
> > http://heartbleed.com/
> >
> > —
> > Mark Tinberg, System Administrator
> > Division of Information Technology - Network Services
> > University of Wisconsin - Madison
> >