perfsonar-user - [perfsonar-user] CVEs
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: "Bidwell, Matt" <>
- To: "" <>
- Subject: [perfsonar-user] CVEs
- Date: Wed, 31 Jul 2024 16:17:30 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nrel.gov; dmarc=pass action=none header.from=nrel.gov; dkim=pass header.d=nrel.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KFe3yaGth4bghRKA9eMeDwOspxh39q+AakJ0JmIceZk=; b=WdxuWD1IWtShHl1Z6VUt56d9We7FcBDGtuPT6CU2mTv60FsDAoIrLeH52QtRSU9XcANCrNmmE6oDUBkS0UW3RNLOO/M0sHTHIfroRoZ3NSxaHzcfECjo9IUxYqQzeuIr7KC+UrzpmIuuKg6Sss9nidA1EXXF6OnOUxS3TdCndU8izniAbhE3vl6ghDDL5TEKhjGxanY92V3UZOCwgkJFd+liu1mg1RnyFbcuh9chvOOh0/7UFuB+KrEw/uprHUB/ZbaGrzgSsOAvBqrHgNvc6eHYRfpiT5v7SJktZDMQrA0MdSMEWLqwKtunsavm1cOljtUf3mSRHQ2BlHsmNFk6MA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZugVFa7wK+nZnZKZP37T1hStnkRcO3ihz88bVHxoxpcAW4Vw+wA9rRZ3xHpa0bnl2r+Oe6F9Mluz+RYcGBPkFIG4IqUgRv0FsAAwMyV33JbiSs3YnXlFWeYlo1DPLMYPse3FGKcr+AeOWrvUXu2faOtA22QARa2AVwdywNsYZpz6VFDzy7U6PASKPAD9Q+7Rudb+ZXVVUQHLGHJhvZvCLISUEjfAu3GGmr8h3SWr7ncAVU9q+JHslyjrQvzYI840AkqK44JZaD3G9qa/gG3qLtQCu+Ph5GZc02bwc+N8ddmeEVeR9j18E9B3bPGrXYQPEMWLjApB1X3s7RQGDjsjDQ==
- Msip_labels: MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_ActionId=6a5fcdb7-3f0c-43c2-8742-1d54752aa309;MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_ContentBits=0;MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_Enabled=true;MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_Method=Standard;MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_Name=General;MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_SetDate=2024-07-31T16:00:02Z;MSIP_Label_95965d95-ecc0-4720-b759-1f33c42ed7da_SiteId=a0f29d7e-28cd-4f54-8442-7885aee7c080;
I guess the simple question is, how does the Perfsonar project manage and
respond to CVE's? The more complex background is I couldn't really find the
answer to this myself. For example, I know about CVE-2024-26306 and
CVE-2023-7250 against iperf3 because I'm a paying RedHat customer. Working
backwards from knowing the CVE numbers, I couldn't find any reference in the
ESNet Github, 'rpm -q --changelog iperf3' or 'yum changelog iperf3'. I found
an email here announcing the release of a new version of iperf3 fixing
CVE-2024-26306 in version 3.17. The next previous CVE email was log4j over 2
years ago. Is there somewhere else I should be looking, and can I suggest
making sure it's mentioned in Github release notes/ rpm changelogs?
Matt Bidwell
Sr HPC Systems Administrator | Computational Science Center
National Renewable Energy Laboratory (NREL)
15013 Denver West Parkway | Golden, CO 80401
303-275-4639
| www.nrel.gov
- [perfsonar-user] CVEs, Bidwell, Matt, 07/31/2024
- Re: [perfsonar-user] CVEs, Mark Feit, 07/31/2024
Archive powered by MHonArc 2.6.24.