Difference between revisions of "Emergency maintenance to fix security vulnerability (CVE-2016-5195)"

From ScientificComputing
Jump to: navigation, search
(Added link to CVE)
(Updated the announcement with email sent to all users)
Line 1: Line 1:
Due to a security vulnerability ([https://access.redhat.com/security/cve/cve-2016-5195 CVE-2016-5195]), we need to perform an emergency maintenance. The login nodes have been closed and the queues have been inactivated. The currently running jobs will continue to run.
+
A recently published '''vulnerability''' in the Linux kernel ([https://access.redhat.com/security/cve/cve-2016-5195 CVE-2016-5195]) allows any user to get full control of the operating system. This is a '''critical security issue''', which leaves us with no choice but to take BOTH '''Brutus''' and '''Euler''' OFF-LINE until the issue has been fixed.
  
Our system administrators are working to make Euler available again as soon as possible. Please check this page for updates.
+
Since we cannot exclude the possibility that someone already exploited this vulnerability, all '''login nodes''' and '''compute nodes''' will need to be wiped clean and their OS reinstalled from scratch, before they can be put back in production.
 +
 
 +
At the time of writing neither Red Hat nor CentOS have released a patch for the operating system that we are using on Brutus and Euler. '''No-one knows how long this will take.''' Please refrain from submitting tickets or sending emails asking when Brutus and Euler will be back on-line. We will publish news and updates on this page.
 +
 
 +
''Thank you for your understanding''
  
We are sorry for the inconvenience.
 
  
 
== Updates ==
 
== Updates ==
  
As a precaution, all login nodes and compute nodes will be wiped clean and reinstalled. This is necessary to eliminate any malicious software that ''could'' have been installed while the system was compromised. This reinstallation affects only system files stored in the nodes' local file system (/bin, /etc, /sbin, /scratch, /tmp, /usr, etc.). '''User data''' (/cluster/home, /cluster/scratch, /cluster/work, /cluster/project) '''do not pose any security risk and will therefore not be touched in any way.'''
+
The reinstallation of the login and compute nodes affects only system files stored in these nodes' local file system (/bin, /etc, /sbin, /scratch, /tmp, /usr, etc.). '''User data''' (/cluster/home, /cluster/scratch, /cluster/work, /cluster/project) '''do not pose any security risk and will therefore not be touched in any way.'''

Revision as of 15:07, 24 October 2016

A recently published vulnerability in the Linux kernel (CVE-2016-5195) allows any user to get full control of the operating system. This is a critical security issue, which leaves us with no choice but to take BOTH Brutus and Euler OFF-LINE until the issue has been fixed.

Since we cannot exclude the possibility that someone already exploited this vulnerability, all login nodes and compute nodes will need to be wiped clean and their OS reinstalled from scratch, before they can be put back in production.

At the time of writing neither Red Hat nor CentOS have released a patch for the operating system that we are using on Brutus and Euler. No-one knows how long this will take. Please refrain from submitting tickets or sending emails asking when Brutus and Euler will be back on-line. We will publish news and updates on this page.

Thank you for your understanding


Updates

The reinstallation of the login and compute nodes affects only system files stored in these nodes' local file system (/bin, /etc, /sbin, /scratch, /tmp, /usr, etc.). User data (/cluster/home, /cluster/scratch, /cluster/work, /cluster/project) do not pose any security risk and will therefore not be touched in any way.