[gpfsug-discuss] CVE-2021-29740

Ryan Novosielski novosirj at rutgers.edu
Fri Aug 6 19:18:37 BST 2021


Can you clarify which components are affected by this? Do I need to upgrade all clients to mitigate this CVE, or every system that has any portion of GPFS installed, or something different?

--
#BlackLivesMatter
____
|| \\UTGERS,  	 |---------------------------*O*---------------------------
||_// the State	 |         Ryan Novosielski - novosirj at rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\    of NJ	 | Office of Advanced Research Computing - MSB C630, Newark
     `'

> On Aug 6, 2021, at 2:13 PM, Felipe Knop <knop at us.ibm.com> wrote:
> 
> Barry,
>  
> At least from the development point of view, the fix should have very minimal impact. ("none",  based on the nature of the code change itself)
>  
>   Felipe
>  
> ----
> Felipe Knop knop at us.ibm.com
> GPFS Development and Security
> IBM Systems
> IBM Building 008
> 2455 South Rd, Poughkeepsie, NY 12601
> (845) 433-9314 T/L 293-9314
>  
>  
>  
> ----- Original message -----
> From: "Barry Chiu" <barryc at northwestern.edu>
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
> Cc:
> Subject: [EXTERNAL] Re: [gpfsug-discuss] CVE-2021-29740
> Date: Fri, Aug 6, 2021 1:10 PM
>  
> Hi,
>  
> So, it's been about two months since this security bulletin has been posted, and we haven't seen many replies on this listserv about it.
>  
> Just curious:  Has anyone mitigated the vulnerability by installing the patch or upgrading GPFS?  And how stable has it been for anyone who has?
>  
> Thanks,
> Barry
>  
>  
>  
>  
> Barry Chiu
> Team Lead
> CyberInfrastructure | Platform Services | RCI
> Northwestern University | Information Technology
> barryc at northwestern.edu
> 847.491.2803
>  
> ---
>  
>  
> Damir Krstic damir.krstic at gmail.com
> Tue Jun 1 17:48:26 BST 2021
> 	• Next message: [gpfsug-discuss] CVE-2021-29740
> 	• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Subject: Re: [gpfsug-discuss] CVE-2021-29740
> IBM posted a security bulletin for the spectrum scale (CVE-2021-29740). Not
> a lot of detail provided in that bulletin. Has anyone installed this fix?
> Does anyone have more information about it?
> 
> Thanks,
> Damir
>  
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss 
>  
> 
> 
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss



More information about the gpfsug-discuss mailing list