Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfSONAR-developer] [perfsonar-user] Fwd: [CentOS-announce] CESA-2014:1997 Important CentOS 6 kernel Security Update

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfSONAR-developer] [perfsonar-user] Fwd: [CentOS-announce] CESA-2014:1997 Important CentOS 6 kernel Security Update


Chronological Thread 
  • From: Aaron Brown <>
  • To: Nadim El-Khoury <>
  • Cc: Michael Johnson <>, "" <>, "" <>, perfsonar-announce <>
  • Subject: Re: [perfSONAR-developer] [perfsonar-user] Fwd: [CentOS-announce] CESA-2014:1997 Important CentOS 6 kernel Security Update
  • Date: Wed, 24 Dec 2014 13:23:13 +0000
  • Accept-language: en-US
  • Authentication-results: georgetown.edu; dkim=none (message not signed) header.d=none;

Hey Nadim,

The RPMs may have been auto-updated on your host. The easiest way to check that is to do a “rpm -qa kernel” and check if version 2.6.32-504.3.3 is installed. If so, a reboot should correct it.

Cheers,
Aaron

On Dec 24, 2014, at 12:38 AM, Nadim El-Khoury <> wrote:

Hi Micahel,

It looks like that the software is still not on available from some of the mirrors.

yum update
Loaded plugins: downloadonly, fastestmirror, security
Setting up Update Process
Loading mirror speeds from cached hostfile
 * Internet2: linux.mirrors.es.net
 * base: mirror.beyondhosting.net
 * epel: csc.mcs.sdsmt.edu
 * extras: distro.ibiblio.org
 * updates: mirrors.lga7.us.voxel.net
No Packages marked for Update

Thank you
Nadim Elias El-Khoury

On Tue, Dec 23, 2014 at 11:35 PM, Michael Johnson <> wrote:
All,

New web100 kernel packages are now available for netinstall users of the perfSONAR-PS toolkit. You may run 'yum update' to grab the new kernel. You should restart your host after the upgrade completes. Full details on this particular patch can be found in the previous email.

Note this is just a kernel upgrade and the other perfSONAR-PS packages have NOT been updated.  As we often do with incremental kernel updates, we will not be providing a new LiveCD for this particular update. Please let us know if you have any questions or issues.

Thank you,
The perfSONAR Team


On Wed, Dec 17, 2014 at 10:40:39AM -0500, Jason Zurawski wrote:
Greetings;

See below for an announcement from CentOS regarding a new Red Hat CVE and kernel package, additional info can be found at this link:

        https://rhn.redhat.com/errata/RHSA-2014-1997.html

Our read of the CVE does not find any issue of concern specific to the toolkit software.  There are mentions of local user privilege escalation attacks, and very slight risks to DOS in some scenarios.

For those using a non-LiveCD system running ‘yum update’ by hand, or those that have enabled the automated update service, will see a new kernel come in.  Rebooting will cause this kernel to be loaded, thus breaking access to the NDT and NPAD tools for the time being.

If you are in doubt about the security of the system, feel free to review the CVE and upgrade to the latest version as local policy dictates.  We are in the process of building and testing a new kernel, and will alert you when we have our web100 patched version available.

Thank you for your patience and Happy Festivus;
The perfSONAR Team

Begin forwarded message:

Date: December 17, 2014 at 7:13:22 AM EST
From: Johnny Hughes <>
To:
Subject: [CentOS-announce] CESA-2014:1997 Important CentOS 6 kernel Security Update
Reply-To:


CentOS Errata and Security Advisory 2014:1997 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1997.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a9c3a1a1f00cfe2f8dec2aa9d8955c3fc88175d63fd7e546d8fd31022a5e3fd5  kernel-2.6.32-504.3.3.el6.i686.rpm
7505fcd1f225f075c69d8e298bc1ef7e7e1a7c4133692ea2a360761cdc4552a0  kernel-abi-whitelists-2.6.32-504.3.3.el6.noarch.rpm
2da4c4dcc91e2aede356279458564d29161c0a42d870cf639aff2b8ce6a6fb82  kernel-debug-2.6.32-504.3.3.el6.i686.rpm
25c35628d6915f8eeb38453449d7dcceb18fb903bb353301da7d81a571b13fbd  kernel-debug-devel-2.6.32-504.3.3.el6.i686.rpm
15b731d59bbc6f48f11443979eda4753b7ffccbb5f461287dd6858457d783c00  kernel-devel-2.6.32-504.3.3.el6.i686.rpm
e95e10ce7f23bac3c9e14a0df2518e56b87a40b87bb23d521f3f824b5201695a  kernel-doc-2.6.32-504.3.3.el6.noarch.rpm
98ffea48c454380812ec91b4a5a7c6bf5c7f6b0bdb5b11859f9255dd7831a5ab  kernel-firmware-2.6.32-504.3.3.el6.noarch.rpm
a1b715401fb7669f8d5cdddc7318ae6c86561ad13c27987aa2054c4213d6cbc5  kernel-headers-2.6.32-504.3.3.el6.i686.rpm
ef4e90ed08f81abb52225b0be637297feffa263a5d406b1f8ef246ecff4cdf37  perf-2.6.32-504.3.3.el6.i686.rpm
0b6820042c174f63e74c549075656dbf3ff8fd94a7473cb6e8c030db86ead1ff  python-perf-2.6.32-504.3.3.el6.i686.rpm

x86_64:
d401fbae56420ac87bab4be1eef55f1e0cdc59c4e6ac086e7c389af9ee95507c  kernel-2.6.32-504.3.3.el6.x86_64.rpm
7505fcd1f225f075c69d8e298bc1ef7e7e1a7c4133692ea2a360761cdc4552a0  kernel-abi-whitelists-2.6.32-504.3.3.el6.noarch.rpm
3617b229c27488a475760cba8948e6f6d6f37c68a87cfcc2aad1323504989f21  kernel-debug-2.6.32-504.3.3.el6.x86_64.rpm
2daedae3ddffe8ba907191a3097f1b204ba10d0bb41e87eada8d69cc76be341b  kernel-debug-devel-2.6.32-504.3.3.el6.x86_64.rpm
83546df48340c60758a3f6747c0e7ce8854da00804feda480b748a28c257b739  kernel-devel-2.6.32-504.3.3.el6.x86_64.rpm
e95e10ce7f23bac3c9e14a0df2518e56b87a40b87bb23d521f3f824b5201695a  kernel-doc-2.6.32-504.3.3.el6.noarch.rpm
98ffea48c454380812ec91b4a5a7c6bf5c7f6b0bdb5b11859f9255dd7831a5ab  kernel-firmware-2.6.32-504.3.3.el6.noarch.rpm
f85806c0fa62c0592d06b1599b05c3eacf03b0bc18b39e8a42239c478cfe836b  kernel-headers-2.6.32-504.3.3.el6.x86_64.rpm
14c596cdd5075970ed25e1b3c8f583ad9cdf1d0cb9cfa2583f702cec3fe8f93f  perf-2.6.32-504.3.3.el6.x86_64.rpm
4cd783cd4f6c0cbd2e87bbb33b7c19d5721cd4b6cb160f69a807194d35fa1e36  python-perf-2.6.32-504.3.3.el6.x86_64.rpm

Source:
2de29e651647a79e10adeb2c1ad8c454330743bd51c6fb0553f0520add652c05  kernel-2.6.32-504.3.3.el6.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #

_______________________________________________
CentOS-announce mailing list

http://lists.centos.org/mailman/listinfo/centos-announce

--
Michael Johnson
GlobalNOC Software Engineering
Indiana University

812-856-2771




--
"Keep away from people who try to belittle your ambitions.  Small people always do that, but the really great make you feel that you, too, can become great."
Mark Twain




Archive powered by MHonArc 2.6.16.

Top of Page