We note the following EGI advisory. No SL fix yet available and sites threatened with suspension if not patched. Given the lateness, staff availability and the lackl of an SL update yet there looks to be a very real chance that significant parts of the wLCG infrastructure will be suspended. Not sure yet where RAL stands but at a minimum we'll have to force a cold restart on the whole farm and run an untested kernel through xmass. How do others stand???
Andrew
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
EGI CSIRT ADVISORY [EGI-ADV-20141217]
Title: 'Heads up' EGI SVG/CSIRT Alert/Advisory 'CRITICAL' risk - Linux
kernel vulnerabilities [EGI-ADV-20141217]
Date: 2014-12-17
Updated: <date yyyy-mm-dd>
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Linux-2014-12-17
Introduction
============
Redhat has announced a series of vulnerabilities in the linux kernel which
have been fixed.
...
These have been fixed in RHEL 6.
Not all linux distributions have this fixed yet, in particular we are awaiting
a fix for scientific linux
....
Some of these issues have been assessed as 'Critical' risk by the EGI CSIRT
and EGI SVG
Risk Assessment Team.
....
Sites should update as soon as possible, after fixed versions of the version of
linux they are using becomes available.
All running resources MUST be either patched or otherwise have a
work-around in place by 2014-12-24 T21:00+01:00. Sites failing to act and/or
failing to respond to requests from the EGI CSIRT team risk site suspension.
In effect, all must update before going on leave for Christmas.
....
|