[Sorry if you receive multiple copies of this message]
= What is GENI doing about Heartbleed? =
In response to the "Heartbleed"[1] bug in OpenSSL, GENI developers and
infrastructure operators reviewed GENI systems for potential
vulnerabilities. Here is what we learned and what you should do.
* Most GENI systems were not affected by Heartbleed (including the GPO
Portal/Clearinghouse, and emulab.net). The few vulnerabilities
discovered either have been or are being patched.
* At this point, we have no reason to believe that any user information
has been compromised.
= What do you need to do? =
* Many GENI users will not need to do anything. However, if you are in
the following groups, you will need to take these actions.
1. If you use the Windows executable of omni command line tools
(including omni and stitcher), you should stop using previous versions
and download a new patched version from:
http://trac.gpolab.bbn.com/gcf/wiki/Windows
2. If you are running a slice, you have to check whether the images you
are using are vulnerable.
a. Of the ProtoGENI/InstaGENI images, the only vulnerable ones are those
based on Ubuntu 12.04.
- the default image has been patched and distributed to all the racks
- the Ubuntu 12.04 OVS [2] has been patched and will go out to all
the IG racks tonight.
If you are using a custom image that was based on any of the above
images, you should either recreate it based on a patched version,
patch [3] your image and take a new snapshot, or contact the image
creator to provide a patched version.
b. ExoGENI images. The default image (Debian 6 (squeeze) v1.0.10) is
not affected; the Ubuntu one by Jeanne Ohren has been patched [4]. You
should check any other images you are using [5].
If you already have a slice with a vulnerable image loaded you have to
either delete and recreate it, or patch all the nodes yourself.
If you have any questions or concerns about this, please email us at
he...@geni.net.
Thanks to all the developers and operators for their prompt response!
Best,
Niky Riga
[1] http://heartbleed.com/
[2] Description: Ubuntu 12.04 with OVS for ProtoGENI (Niky)
URN: urn:publicid:IDN+...+image+emulab-ops:Ubuntu12-64-OVS
[3] From:
http://askubuntu.com/questions/445340/patch-openssl-cve-2014-0160-on-ubuntu-12-04
sudo apt-get update
sudo apt-get upgrade
To check if you have the latest and patched version, do:
openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:33:19 UTC 2014
platform: debian-amd64
[4] URL:
http://emmy9.casa.umass.edu/Disk_Images/ExoGENI/Ubuntu12.04-1.0.1/ubuntu12.04-1.0.1.xml
Version: 7fe99bd12e364b3dac81536af12e76cef0a904c2
[5] To check the openssl version on a system do:
openssl version
Check your version against the affected versions listed at [1]
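
The checks in [3] and [5], as an added example that is not part of the original message: a distribution that backports the fix keeps the old version string, which is why [3] shows 1.0.1e with a 7 Apr 2014 build date. The function name, the verdict words and the build-date cutoff are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original message.
# Assumptions: upstream 1.0.1 through 1.0.1f (and 1.0.2-beta, 1.0.2-beta1) are the
# affected releases, and a "built on" date of 2014-04-07 or later is treated as a
# distro rebuild carrying the fix. That date cutoff is a heuristic, not proof.

classify_openssl() {
    # Reads `openssl version -a` output on stdin and prints one verdict word.
    awk '
    /^OpenSSL / { ver = $2 }
    /^built on:/ {
        # Expected shape: built on: Mon Apr 7 20:33:19 UTC 2014
        i = index("JanFebMarAprMayJunJulAugSepOctNovDec", $4)
        if (length($4) == 3 && i % 3 == 1)
            built = sprintf("%04d%02d%02d", $NF, (i + 2) / 3, $5)
    }
    END {
        if (ver == "") { print "unknown"; exit }
        base = ver
        sub(/-.*$/, "", base)    # drop suffixes such as -fips
        affected = (base ~ /^1\.0\.1[a-f]?$/ || ver ~ /^1\.0\.2-beta1?$/)
        if (!affected) { print "not-affected"; exit }
        if (built == "") { print "affected-version-no-build-date"; exit }
        print ((built >= "20140407") ? "likely-patched" : "vulnerable")
    }'
}

# Output quoted in footnote [3] of the message (patched Ubuntu 12.04 build).
PATCHED_SAMPLE='OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:33:19 UTC 2014
platform: debian-amd64'

# Constructed sample: same version string, built before the fix was available.
OLD_SAMPLE='OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Jun 4 07:26:06 UTC 2013
platform: debian-amd64'

printf '%s\n' "$PATCHED_SAMPLE" | classify_openssl
printf '%s\n' "$OLD_SAMPLE" | classify_openssl
```

On a live node, pipe the real output in with `openssl version -a | classify_openssl`; services that loaded the old library before the upgrade still need a restart.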