SCS Computing
 Services and Solutions

[Security Notice] ACTION REQUIRED - Critical Linux security vulnerability

February 17, 2016

A critical, remotely exploitable vulnerability that affects most Linux hosts was announced on February 16, 2016.

Hosts that are affected by this vulnerability *MUST* be patched and rebooted as soon as possible.

Affected SCS supported operating systems include:

- Ubuntu 14.04 LTS

- Ubuntu 12.04 LTS

- Fedora 14

- Fedora 10

NOTE: Fedora 7 hosts are *NOT* affected by this vulnerability.

If your operating system is not listed above, check with your OS vendor.

SERVICE DISRUPTIONS: SCS Computing Facilities will be patching affected systems that provide services to the SCS community. As a result, you may notice brief service disruptions as affected servers are rebooted.

Servers running user-facing services will be scheduled to be patched and rebooted between 6:00 PM Wednesday, February 17th and 8:00 AM Thursday, February 18th.

HPC CLUSTERS: All HPC clusters supported by SCS Facilities are in the process of being patched. Notifications will be sent before clusters are rebooted.

If you are running any of the affected systems, you must patch and reboot your machine.

To patch your machine
=====================

On Ubuntu (Ubuntu 14.04 LTS and Ubuntu 12.04 LTS)
-------------------------------------------------

1. Run (as root):

    apt-get update
    apt-get upgrade

2. Reboot your machine.

3. After the reboot, you should test if your machine was successfully patched. Instructions for doing so are near the end of this message.

On affected Fedora hosts running the SCS Computing environment
--------------------------------------------------------------

1. Run (as root):

    /usr/cs/bin/dosupdepot

2. Reboot your machine.

3. After the reboot, you should test if your machine was successfully patched. Instructions for testing are listed below:

To test if the patch has been applied
=====================================

IMPORTANT: If you did not reboot your host, these tests will indicate that your host is patched, even though unpatched services may still be running on it. You must reboot to fully patch your host.

If you have followed the patch instructions and the tests below indicate that your host is still not patched, contact help@cs.cmu.edu

Ubuntu 14.04 LTS and Ubuntu 12.04 LTS
-------------------------------------

Run:

    dpkg -s libc6 | grep '^Version'

The patched versions are:

For Ubuntu 14.04: 2.19-0ubuntu6.7

For Ubuntu 12.04: 2.15-0ubuntu10.13

Fedora 14 and Fedora 10
-----------------------

Run:

    rpm -q glibc

The patched versions are:

For F14: glibc-2.12.90-17.SCS002.i686 or glibc-2.12.90-17.SCS002.x86_64

For F10: glibc-2.9-2.SCS003.i686 or glibc-2.9-2.SCS003.x86_64
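
The IMPORTANT note in this section says the version checks pass once the package is upgraded, even while services started before the upgrade are still running. The script below is an added example, not part of the original notice: it lists processes whose memory maps still reference the replaced libc file. It assumes the upgrade unlinked the old library file, so the kernel marks the mapping "(deleted)"; the function names and the optional PROCROOT argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notice): list processes that still map
# the glibc that was replaced on disk, i.e. services started before the patch.

# Assumption: the package upgrade unlinked the old libc-*.so, so the kernel
# appends " (deleted)" to that path in /proc/PID/maps.
STALE_RE='/libc-[0-9.]*\.so \(deleted\)$'

# has_stale_libc [FILE]: succeed if the maps text (FILE, or stdin when no
# argument is given) shows a replaced libc still mapped into the process.
has_stale_libc() {
    grep -Eq "$STALE_RE" "$@" 2>/dev/null
}

# scan_stale_libc [PROCROOT]: print "PID NAME" for each affected process.
# Returns 1 if any were found, 0 otherwise. Run as root to see all processes;
# maps files that cannot be read are skipped.
scan_stale_libc() {
    root=${1:-/proc}
    found=0
    for maps in "$root"/[0-9]*/maps; do
        if has_stale_libc "$maps"; then
            dir=${maps%/maps}
            name=$(cat "$dir/comm" 2>/dev/null) || name='?'
            echo "${dir##*/} $name"
            found=1
        fi
    done
    return "$found"
}

if scan_stale_libc; then
    echo "No running process maps a replaced libc."
else
    echo "Processes listed above still use the old libc; reboot as instructed."
fi
```

Any process it lists was started before the upgrade and keeps running the old library until it is restarted, which the reboot step takes care of.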

Additional information
======================

Technical details about this issue:

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

Please contact help@cs.cmu.edu or call the SCS Help Desk (x8-4231) if you have questions about this issue.

Thank you for your attention,

SCS Help Desk