Changes between Version 2 and Version 3 of HowTo/ManageCustomImages


Ignore:
Timestamp:
05/13/16 09:41:20 (8 years ago)
Author:
lnevers@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • HowTo/ManageCustomImages

    v2 v3  
    1313=== Security Alerts Sources ===
    1414
    15 In GENI there are mostly CentOS or Ubuntu image.  Both have mailing security mail lists that maintainers should subscribe to. These lists are very low traffic and fairly easy to digest:
     15In GENI there are mostly CentOS or Ubuntu image.  Both have security notices available at:
    1616
    17  https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
     17Ubuntu security notices:  {{{http://www.ubuntu.com/usn/}}}
     18[[BR]]
     19CentOS security alerts:   {{{https://lwn.net/Alerts/CentOS/}}}
    1820
    19  https://lists.centos.org/mailman/listinfo/centos-announce
     21Additionally, you may subscribe or review the Ubuntu and CentOS security mail lists. These lists are very low traffic and fairly easy to digest:
     22
     23For Ubuntu, subscribe to the ubuntu-security-announce mailing list `ubuntu-security-announce@lists.ubuntu.com`, you can subscribe at https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.
     24
     25For CentOS, subscribe to the centos-announce mailing list `centos-announce@centos.org`, you can subscribe at  https://lists.centos.org/mailman/listinfo/centos-announce.
     26
    2027
    2128As an example, here are the emails from both Ubuntu and CentOS Security lists regarding the libc vulnerability announced on in February 2016:
     
    3744You can click on diagnose and there's a script you can download, to see if you are effected, or maybe some mitigation steps.
    3845
    39 Once we identify the package, we'll check to see what we have installed and compare it to the effected versions.  Remember there are various factors to consider depending on the bug. Maybe its package specific or perhaps it is OS version specific (CentOS 5 is effected but 6, or Ubuntu 12.04 is affected, but not 14.04). As an example, the libc vulnerability was addressed by different package names. The Ubuntu package is called `libc6`, and the CentOS is called `glibc` and to address the vulerability the following instructions were given:
     46Once we identify the package, we'll check to see what we have installed and compare it to the effected versions.  Remember there are various factors to consider depending on the bug. Maybe its package specific or perhaps it is OS version specific (CentOS 5 is effected but 6, or Ubuntu 12.04 is affected, but not 14.04). As an example, the libc vulnerability was addressed by different package names. The Ubuntu package is called `libc6`, and the CentOS is called `glibc` and to address the vulnerability the following instructions were given:
    4047
    4148CentOS: {{{ # yum info glibc}}}