Patch systems for libarchive vulernability

cloud-gov / cg-atlas

Repository hosting issues and artifacts related to operations of the cloud.gov platform

Creative Commons Zero v1.0 Universal

3 stars 1 forks source link

Patch systems for libarchive vulernability #142

Closed ghost closed 8 years ago

ghost commented 8 years ago

As an SRE, I need to ensure all hosts are patched to remediate a critical vulnerability related to libarchive.

http://www.ubuntu.com/usn/usn-3033-1/

[ ] Ensure that all bosh deployments are using the latest stem cell

From Slack conversation here: https://18f.slack.com/archives/cloud-gov-atlas/p1470678922001861

rogeruiz commented 8 years ago

If it's checked off it's deploying ✅, otherwise it needs attention 🚫.

This covers e/w

[x] deploy-cf
[x] deploy-bosh
[x] deploy-concourse
[x] deploy-monitoring
[x] deploy-discourse
[x] deploy-logsearch
[x] deploy-admin-ui
[ ] deploy-docker-swarm

This covers govcloud

[x] deploy-concourse
[ ] deploy-docker-swarm
[x] deploy-logsearch
[x] deploy-nessus-manager
[x] deploy-admin-ui
[x] deploy-bosh
[x] deploy-monitoring
[x] deploy-cf
[x] deploy-diego

ghost commented 8 years ago

According to CATS and our own indepedent testing, we aren't negatively affected by Diego on stemcell 3262.5 as noted in https://github.com/18F/cg-product/issues/183

ghost commented 8 years ago

@mogul: To patch the docker-swarm systems, I believe we need an 18F employee to review the containers/apps running there and work with the container owners to determine the best way to migrate those containers to other hosts or perhaps determine if those containers can be run as apps on CF.

mogul commented 8 years ago

We believe this to be resolved now.

mogul commented 8 years ago

Just to alleviate my nervousness: @sharms can you confirm that the update yesterday included the Docker swarm?