[prev in list] [next in list] [prev in thread] [next in thread] 

List:       npaci-rocks-discussion
Subject:    [Rocks-Discuss]  GHOST Critical Centos Update
From:       James Rudd <james.rudd () gmail ! com>
Date:       2015-01-28 8:18:37
Message-ID: CANhvMXO3Bxc-ePteC8zPNmLUPTL1qz1XCss+kkvbmqF30HLRCw () mail ! gmail ! com
[Download RAW message or body]

Most of you would be aware of the recently announced vulnerability in glibc.
http://www.zdnet.com/article/critical-linux-security-hole-found/
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/

Rocks Centos is vulnerable to privilege escalation from local users, and
any services you have open in your firewall (e.g. mail).

For those interested these are the commands I used for patching our Rocks
6.1 system. For 6.1.1 just change the RPM directory. These are based on the
BASH patching commands used in the past.

yumdownloader --enablerepo=updates,base \
   --destdir=/export/rocks/install/contrib/6.1/x86_64/RPMS/ glibc\* nscd
cd /export/rocks/install
rocks create distro
rocks run host frontend "yum clean all; yum -y update glibc\* nscd"
rocks run host login "yum clean all; yum -y update glibc\* nscd"
rocks run host compute "yum clean all; yum -y update glibc\* nscd"
rocks run host nas "yum clean all; yum -y update glibc\* nscd"


Hope this is useful to others.

Cheers,
 James

James Rudd
http://jrudd.org/
---------------------
HPC Cluster Administrator
Centre of Excellence for Silicon Photovoltaics and Photonics
University of New South Wales
Sydney NSW 2052
AUSTRALIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20150128/d630baea/attachment.html \



[prev in list] [next in list] [prev in thread] [next in thread]