upgrade git to >2.7.3 on vcs-sync machines to address CVE-2016-2324 and CVE-2016-2315

RESOLVED FIXED

Status

Developer Services
General
2 years ago
2 years ago

People

(Reporter: hwine, Assigned: hwine)

(Assignee)

Description

2 years ago
The remaining vcs-sync machines are in 2 locations:
 - 1 in scl3 on RHEL
 - 2 in AWS on AWS linux

The one in scl3 is covered by the general puppet update.

The ones in AWS need special attention as AWS has not yet released an update RPM for Amazon Linux.
(Assignee)

Comment 1

2 years ago
The 2.7.4 as used on our RHEL machines of course did not work on Amazon. And the vcs-sync machines don't have packages to build fresh RPMs, so:
 - create new t2.micro instance
 - install rpm-build
 - get the SRPMS from fubar used for bug 1257645
 - do rpm installs as needed to get that to build cleanly
 - only 'git' and 'perl-git' RPMs are needed
 - install those 2 RPMs on the AWS vcs-sync instances
Assignee: nobody → hwine
Status: NEW → ASSIGNED
(Assignee)

Comment 2

2 years ago
All vcssync hosts now report a git version of 2.7.4
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
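
The closing check in Comment 2 (every host reports a git version above 2.7.3) can be scripted as below. This is an added example, not part of the bug or its comments; the hostnames and sample records are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug): check reported git versions against the
# floor this bug sets (">2.7.3", i.e. 2.7.4 or later).
MIN_GIT="2.7.4"

# Print MAJOR.MINOR.PATCH from a `git --version` line; fail if it does not parse.
parse_git_version() {
    pgv=$(printf '%s\n' "$1" | sed -n \
        's/^git version \([0-9][0-9]*\)\.\([0-9][0-9]*\)\(\.\([0-9][0-9]*\)\)\{0,1\}.*/\1 \2 \4/p')
    [ -n "$pgv" ] || return 1
    set -- $pgv
    printf '%s.%s.%s\n' "$1" "$2" "${3:-0}"
}

# Succeed if version $1 >= version $2 (both MAJOR.MINOR.PATCH), compared
# numerically so that 2.10.0 ranks above 2.7.4.
version_ge() {
    vge_ifs=$IFS; IFS=.
    set -- $1 $2            # six fields: a1 a2 a3 b1 b2 b3
    IFS=$vge_ifs
    [ "$1" -ne "$4" ] && { [ "$1" -gt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -gt "$5" ]; return; }
    [ "$3" -ge "$6" ]
}

# Fail closed: unparsable output (git missing, ssh error) counts as not patched.
git_is_patched() {
    gip=$(parse_git_version "$1") || return 1
    version_ge "$gip" "$MIN_GIT"
}

# Read "HOST <git --version output>" records on stdin, print a verdict per
# host, and return non-zero if any host is below the floor.
check_fleet() {
    cf_rc=0
    while read -r cf_host cf_line; do
        if git_is_patched "$cf_line"; then
            echo "OK       $cf_host  $cf_line"
        else
            echo "OUTDATED $cf_host  $cf_line"
            cf_rc=1
        fi
    done
    return "$cf_rc"
}

# Constructed sample records; hostnames are placeholders.
SAMPLE='vcs-a.example git version 2.7.4
vcs-b.example git version 2.7.3
vcs-c.example git version 2.10.0
vcs-d.example sh: git: command not found'

printf '%s\n' "$SAMPLE" | check_fleet || echo "at least one host still needs the update"
```

In practice each record would be produced by running `git --version` on the host and prefixing the hostname; a host whose output does not parse is reported as outdated rather than skipped.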