SL6 fix IS now out.
The 7 days is standard for anything assessed as 'critical'.
EGI couldn't just ignore it just because of Christmas, an alert was seen as necessary.
I would say update if you possibly can.
Linda.
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Andrew Sansum
> Sent: 18 December 2014 08:58
> To: [log in to unmask]
> Subject: FW: [Heads up][ EGI SVG/CSIRT] Alert/Advisory 'CRITICAL' risk - Linux
> kernel vulnerabilities [EGI-ADV-20141217]
>
> We note the following EGI advisory. No SL fix yet available and sites threatened
> with suspension if not patched. Given the lateness, staff availability and the lackl
> of an SL update yet there looks to be a very real chance that significant parts of
> the wLCG infrastructure will be suspended. Not sure yet where RAL stands but at
> a minimum we'll have to force a cold restart on the whole farm and run an
> untested kernel through xmass. How do others stand???
>
> Andrew
>
>
> ** WHITE information - Unlimited distribution allowed **
>
> ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
>
>
> EGI CSIRT ADVISORY [EGI-ADV-20141217]
>
>
> Title: 'Heads up' EGI SVG/CSIRT Alert/Advisory 'CRITICAL' risk - Linux kernel
> vulnerabilities [EGI-ADV-20141217]
>
> Date: 2014-12-17
> Updated: <date yyyy-mm-dd>
>
>
> URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Linux-2014-12-17
>
> Introduction
> ============
>
> Redhat has announced a series of vulnerabilities in the linux kernel which have
> been fixed.
> ...
> These have been fixed in RHEL 6.
>
> Not all linux distributions have this fixed yet, in particular we are awaiting a fix
> for scientific linux ....
>
> Some of these issues have been assessed as 'Critical' risk by the EGI CSIRT and
> EGI SVG Risk Assessment Team.
>
> ....
>
> Sites should update as soon as possible, after fixed versions of the version of
> linux they are using becomes available.
>
> All running resources MUST be either patched or otherwise have a work-around
> in place by 2014-12-24 T21:00+01:00. Sites failing to act and/or failing to
> respond to requests from the EGI CSIRT team risk site suspension.
>
> In effect, all must update before going on leave for Christmas.
>
> ....
|