perfSONAR User Q&A and Other Discussion

[Jim Warner <>]

'yum update' wants to replace the kernel along with a bunch of other stuff. That would need a reboot which on a live-CD system would wipe out the changes.

Instead, I did:

    yum update openssl*

...and then the stuff to make a new cert.

I think that did what I need.

On Tue, Apr 8, 2014 at 2:02 PM, Jason Zurawski <> wrote:

Hey Jim/All;

Good question.  If you are a liveCD/USB user:

 - We recommend you yum update as well (no, the packages won't survive a reboot)

 - Regen the user cert with the instructions below (this *will* survive the reboot since its in /etc)

We will advise the community shortly on replacement builds for the images.

Thanks;

-jason

On Apr 8, 2014, at 1:10 PM, Jim Warner <> wrote:

> Jason--
>
> Are new images available for Live-CD and run-from-USB?
>
> Thanks
> -jim
>
>
> On Tue, Apr 8, 2014 at 9:31 AM, Jason Zurawski <> wrote:
> Thank you for the post Mark, you beat my own authorship of a note by about 5 minutes.  We will be passing along information from the upstream vendor shortly.
>
> Thanks;
>
> -jason
>
> On Apr 8, 2014, at 9:28 AM, Mark Tinberg <> wrote:
>
> > Any recently updated perfSONAR 3.3 node is likely vulnerable to a recently discovered issue in OpenSSL 1.0.1 which discloses the private key, hosts which have the issue will need to have a new private key generated and signed after replacing the SSL library.  Data which was transmitted over SSL from the time OpenSSL 1.0.1 was installed (which was available 2013-12-03) such as passwords which could have been intercepted may be decrypted after the fact using the private key (unless the SSLCipherSuite has been modified to only allow ciphers which have Forward Secrecy).
> >
> > http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
> >
> > further information
> >
> > http://heartbleed.com/
> >
> > —
> > Mark Tinberg, System Administrator
> > Division of Information Technology - Network Services
> > University of Wisconsin - Madison
> >