GPFS V3.4 and V3.5 for AIX, Linux on Power and Linux on x86 do not ship OpenSSL but action may be required due to the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

Flash (Alert)


Abstract

GPFS V3.4 and V3.5 for AIX, Linux on Power and Linux on x86 do not ship OpenSSL but action may be required due to the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

Content

GPFS V3.4 and V3.5 for AIX, Linux on Power and Linux on x86 do not ship OpenSSL but action may be required due to the OpenSSL Heartbleed vulnerability (CVE-2014-0160)
Remediation:

If you configure your GPFS clusters to use OpenSSL, consult the licensor of the OpenSSL installed on your system for instructions.

If you obtained OpenSSL from the Operating System, information can be found at these links:

AIX: http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&ID=3488&myns=pwraix61&mync=E

Red Hat: https://access.redhat.com/site/solutions/781793

SUSE/Novell: http://support.novell.com/security/cve/CVE-2014-0160.html

After you deploy an unaffected level of OpenSSL on all nodes in your clusters, you should take the following actions:

1. The following can be done on a small group of nodes at each time (ensuring that quorum is maintained) to maintain file system availability:

    a. Stop GPFS on the node
    b. Install the version of OpenSSL which contains the fix
    c. Restart GPFS on the node
2. The following should be done only when all nodes, across the multiple clusters, are running an unaffected level of OpenSSL (i.e., when the above steps are completed):
    a. Change the security keys used for secure communications. Refer to the Advanced Administration Guide, Chapter 1: Accessing GPFS file systems from other GPFS clusters, Changing security keys section . The steps should be taken up to, and including the procedure to ensure that the old key is no longer accepted

    b. If SSH is used to execute remote GPFS commands, then the SSH host keys must also be changed

    c. If SSH is used to execute remote GPFS commands, then SSH user keys/passwords must also be changed.




Change History: 18 April 2014: original document published


Rate this page:

(0 users)Average rating

Document information


More support for:

General Parallel File System

Software version:

3.4.0, 3.5.0

Operating system(s):

AIX, Linux, System x

Reference #:

T1020713

Modified date:

2014-04-22

Translate my page

Machine Translation

Content navigation