2 Intern
•
178 Posts
0
2328
September 30th, 2014 09:00
Are Isilon clusters impacted by the Shellshock bug?
As Isilon OneFS runs on FreeBSD, are clusters affected by the Shellshock bug?
How can we verify bash running on FreeBSD and upgrade if needed?
Thank you


Nikschen
179 Posts
0
September 30th, 2014 09:00
Hi Khkris,
Please see the announcement on the community homepage or visit for up-to-date information: http://productsecurityblog.emc.com/2014/09/impact-gnu-bash-shellshock-vulnerability-emc-products/
khkris
2 Intern
•
178 Posts
0
September 30th, 2014 09:00
Thank you dynamox. The article is very informative.
How can we verify whether AsperaSoft is activated on OneFS or custom CGI scripts are being used on Isilon clusters? Any commands to verify?
Thanks
dynamox
9 Legend
•
20.4K Posts
•
87.4K Points
0
September 30th, 2014 09:00
https://support.emc.com/kb/192608
khkris
2 Intern
•
178 Posts
0
September 30th, 2014 09:00
Thank you. For InsightIQ, the article suggests updating to the latest bash version. Do we have details of the latest bash version where the bug is fixed?
The current bash version we are on is "GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)".
dynamox
9 Legend
•
20.4K Posts
•
87.4K Points
0
September 30th, 2014 09:00
If you don't have this file, you don't have Aspera installed/configured:
/ifs/.ifsvar/aspera/etc/aspera.conf
markfoster1
22 Posts
2
September 30th, 2014 10:00
As with most security updates, upstream does not upgrade bash entirely, but instead backports the security fix into the version that it shipped with. In other words, the version reported by bash --version doesn't change, but rpm and yum will show the necessary detail.
You can use rpm -q --changelog bash to see the recent package update details.
[root@mint ~]# yum update bash
...
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-9.el6_2 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.2 will be an update
--> Finished Dependency Resolution
...
Updated:
bash.x86_64 0:4.1.2-15.el6_5.2
Complete!
[root@mint ~]# rpm -q --changelog bash | head -3
* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2
- CVE-2014-7169
Resolves: #1146322
Because InsightIQ (recent versions) runs on CentOS, which is derived from RHEL6, you can find more errata and package details here:
Shellshock: Bash Code Injection Vulnerability (Original CVE-2014-6271) - Red Hat Customer Portal
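Added example, not part of any post in this thread: because the fix is backported and bash --version stays the same, this script scans a whole package changelog (not just head -3) and reports which entry carries each of the two CVEs named on this page. The function names and the older changelog entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which changelog entry carries
# each Shellshock fix, since `bash --version` does not change on a backport.

# CVE ids named on this page.
SHELLSHOCK_CVES="CVE-2014-6271 CVE-2014-7169"

# stdin: output of `rpm -q --changelog bash` (newest entry first).
# stdout: one "CVE-id release" line per CVE; release is the last field of the
# "* date packager - release" header of the oldest entry naming that CVE,
# or MISSING when no entry names it.
fixed_in() {
    awk -v cves="$SHELLSHOCK_CVES" '
        BEGIN  { n = split(cves, want, " ") }
        /^\* / { release = $NF }
        { for (i = 1; i <= n; i++) if (index($0, want[i])) seen[want[i]] = release }
        END    { for (i = 1; i <= n; i++)
                     print want[i], ((want[i] in seen) ? seen[want[i]] : "MISSING") }
    '
}

# Exit status 0 only when every CVE in SHELLSHOCK_CVES has an entry.
all_fixed() { ! fixed_in | grep -q 'MISSING$'; }

# The three lines `head -3` printed in the thread.
sample_head3() {
    printf '%s\n' \
        '* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2' \
        '- CVE-2014-7169' \
        'Resolves: #1146322'
}

# Same lines plus a CONSTRUCTED older entry (placeholder date, packager, release).
sample_full() {
    sample_head3
    printf '%s\n' \
        '* Wed Jan 01 2014 Example Packager <pkg@example.invalid> - 0.0-placeholder' \
        '- CVE-2014-6271'
}

echo "head -3 only:";   sample_head3 | fixed_in
echo "full changelog:"; sample_full  | fixed_in

# On an RPM-based host, pass --host to check the installed bash package.
if [ "${1:-}" = "--host" ]; then
    rpm -q --changelog bash | fixed_in
fi
```

A MISSING line for the head -3 sample only means the entry is further down the changelog, so pipe the full changelog in before drawing a conclusion.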
khkris
2 Intern
•
178 Posts
0
October 13th, 2014 11:00
Hello,
I see the patches are released for the Isilon Shellshock bug. Does patch installation on an Isilon cluster require a cluster reboot in rolling fashion?
Is it impactful to customers? The OneFS patches video doesn't provide information about any reboot.
Please suggest.
Thank you
dynamox
9 Legend
•
20.4K Posts
•
87.4K Points
1
October 13th, 2014 11:00
It depends on the patch; some patches require you to kill/restart certain services (some likewise patches, for example). So while it might be impactful to one protocol's customers, it won't impact others. None of the patches that I have installed in the past have required an entire cluster reboot. If you download the patch and look at the README file, it will tell you what to do.