Hi,
in case you don’t read WLCG minutes (https://twiki.cern.ch/twiki/bin/view/LCG/WLCGDailyMeetingsWeek141215#Thursday):
Alessandro (ATLAS) asked whether experiments should take any action to address the vulnerability announced by EGI. Maarten answered that "all WNs should be upgraded for sure but NO action is needed by the experiments."
Elena
On 18 Dec 2014, at 09:54, Wahid Bhimji <[log in to unmask]> wrote:
> reading that errata
> https://www.scientificlinux.org/sl-errata/slsa-20141997-1/
> the only thing an attacker could do is crash the system - to me that is not a reason for banning as it doesn’t affect anyone else - all that would happen is you would lose those unpatched resources - which you would lose anyway if it was banned. The only one with privilege escalation is from physical access and we have barbed wire preventing that (and you don’t need to be a genius hacker to get into a machine with physical access).
>
> It would be useful to know (on the other list if need be) why banning would be sensible. Also, when the advisory says “or otherwise have a work-around in place” - are there any workarounds or is that just stock text?
>
> Wahid
>
>
> On 18 Dec 2014, at 09:45, Linda Cornwall <[log in to unmask]> wrote:
>
>> SL6 fix IS now out.
>>
>> The 7 days is standard for anything assessed as 'critical'.
>>
>> EGI couldn't just ignore it just because of Christmas, an alert was seen as necessary.
>>
>> I would say update if you possibly can.
>>
>> Linda.
>>
>>> -----Original Message-----
>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>> [log in to unmask]] On Behalf Of Andrew Sansum
>>> Sent: 18 December 2014 08:58
>>> To: [log in to unmask]
>>> Subject: FW: [Heads up][ EGI SVG/CSIRT] Alert/Advisory 'CRITICAL' risk - Linux
>>> kernel vulnerabilities [EGI-ADV-20141217]
>>>
>>> We note the following EGI advisory. No SL fix yet available and sites threatened
>>> with suspension if not patched. Given the lateness, staff availability and the lack
>>> of an SL update yet there looks to be a very real chance that significant parts of
>>> the WLCG infrastructure will be suspended. Not sure yet where RAL stands but at
>>> a minimum we'll have to force a cold restart on the whole farm and run an
>>> untested kernel through Xmas. How do others stand???
>>>
>>> Andrew
>>>
>>>
>>> ** WHITE information - Unlimited distribution allowed **
>>>
>>> ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
>>>
>>>
>>> EGI CSIRT ADVISORY [EGI-ADV-20141217]
>>>
>>>
>>> Title: 'Heads up' EGI SVG/CSIRT Alert/Advisory 'CRITICAL' risk - Linux kernel
>>> vulnerabilities [EGI-ADV-20141217]
>>>
>>> Date: 2014-12-17
>>> Updated: <date yyyy-mm-dd>
>>>
>>>
>>> URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Linux-2014-12-17
>>>
>>> Introduction
>>> ============
>>>
>>> Red Hat has announced a series of vulnerabilities in the Linux kernel which have
>>> been fixed.
>>> ...
>>> These have been fixed in RHEL 6.
>>>
>>> Not all Linux distributions have this fixed yet, in particular we are awaiting a fix
>>> for Scientific Linux ....
>>>
>>> Some of these issues have been assessed as 'Critical' risk by the EGI CSIRT and
>>> EGI SVG Risk Assessment Team.
>>>
>>> ....
>>>
>>> Sites should update as soon as possible, after fixed versions of the Linux
>>> distribution they are using become available.
>>>
>>> All running resources MUST be either patched or otherwise have a work-around
>>> in place by 2014-12-24 T21:00+01:00. Sites failing to act and/or failing to
>>> respond to requests from the EGI CSIRT team risk site suspension.
>>>
>>> In effect, all must update before going on leave for Christmas.
>>>
>>> ....
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.