You have a very good point; thanks for pointing this out. We will have to
discuss in development how to fix this. Fortunately the use of the
kernel is short-lived only for discovery, install, etc. This does not
impact a running MN or running compute nodes.
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
From: Mark Loveridge <[email protected]>
To: xCAT Users Mailing list <[email protected]>
Date: 10/01/2014 10:07 AM
Subject: Re: [xcat-user] Bash vulnerabilities (CVE-2014-6271,
CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and
CVE-2014-6278)
Schlumberger-Private
The version of bash in the genesis kernel is potentially vulnerable –
though it probably isn’t exploitable in the out-of-the-box configuration.
Are there any plans to update the genesis image?
I for one will be replacing the genesis version of bash with a patched
version so that I feel more comfortable (and keep my managers happy).
Mark
From: Lissa Valletta [mailto:[email protected]]
Sent: 30 September 2014 12:27
To: xCAT Users Mailing list
Subject: [xcat-user] Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169,
CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)
Title: Extreme Cloud Administration Toolkit (xCAT) is not affected by the
Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186,
CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278)
Flash (Alert)
Abstract
Extreme Cloud Administration Toolkit (xCAT)is not vulnerable to the Bash
vulnerabilities that have been referred to as “Bash Bug” or “Shellshock”
and the two memory corruption vulnerabilities.
Content
· Extreme Cloud Administration Toolkit (xCAT) in all editions and all
platforms is NOT vulnerable to the Bash vulnerabilities (CVE-2014-6271,
CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and
CVE-2014-6278).
Remediation: Check your OS for recommended patches.
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
