Difference between revisions of "Emergency maintenance to fix security vulnerability (CVE-2016-5195)"

From ScientificComputing
Jump to: navigation, search
(Updated the announcement with email sent to all users)
Line 3: Line 3:
 
Since we cannot exclude the possibility that someone already exploited this vulnerability, all '''login nodes''' and '''compute nodes''' will need to be wiped clean and their OS reinstalled from scratch, before they can be put back in production.
 
Since we cannot exclude the possibility that someone already exploited this vulnerability, all '''login nodes''' and '''compute nodes''' will need to be wiped clean and their OS reinstalled from scratch, before they can be put back in production.
  
At the time of writing neither Red Hat nor CentOS have released a patch for the operating system that we are using on Brutus and Euler. '''No-one knows how long this will take.''' Please refrain from submitting tickets or sending emails asking when Brutus and Euler will be back on-line. We will publish news and updates on this page.
+
At the time of writing neither Red Hat nor CentOS have released a patch for the operating system that we are using on Brutus and Euler. '''No-one knows how long this will take.''' Please refrain from submitting tickets or sending emails asking when Brutus and Euler will be back on-line. We will publish regular status updates on this page and notify all cluster users by email when Brutus and Euler are on-line again.
  
 
''Thank you for your understanding''
 
''Thank you for your understanding''
Line 10: Line 10:
 
== Updates ==
 
== Updates ==
  
The reinstallation of the login and compute nodes affects only system files stored in these nodes' local file system (/bin, /etc, /sbin, /scratch, /tmp, /usr, etc.). '''User data''' (/cluster/home, /cluster/scratch, /cluster/work, /cluster/project) '''do not pose any security risk and will therefore not be touched in any way.'''
+
The reinstallation of the login and compute nodes will affect only system files stored in these nodes' local file system (/bin, /etc, /sbin, /scratch, /tmp, /usr, etc.). '''User data''' (/cluster/home, /cluster/scratch, /cluster/work, /cluster/project) '''do not pose any security risk and will therefore not be touched in any way.'''

Revision as of 15:33, 24 October 2016

A recently published vulnerability in the Linux kernel (CVE-2016-5195) allows any user to get full control of the operating system. This is a critical security issue, which leaves us with no choice but to take BOTH Brutus and Euler OFF-LINE until the issue has been fixed.

Since we cannot exclude the possibility that someone already exploited this vulnerability, all login nodes and compute nodes will need to be wiped clean and their OS reinstalled from scratch, before they can be put back in production.

At the time of writing neither Red Hat nor CentOS have released a patch for the operating system that we are using on Brutus and Euler. No-one knows how long this will take. Please refrain from submitting tickets or sending emails asking when Brutus and Euler will be back on-line. We will publish regular status updates on this page and notify all cluster users by email when Brutus and Euler are on-line again.

Thank you for your understanding


Updates

The reinstallation of the login and compute nodes will affect only system files stored in these nodes' local file system (/bin, /etc, /sbin, /scratch, /tmp, /usr, etc.). User data (/cluster/home, /cluster/scratch, /cluster/work, /cluster/project) do not pose any security risk and will therefore not be touched in any way.