Skip to content

OSG-SEC-2018-10-18 [UPDATE] Vulnerability in Linux kernel's create_elf_tables() function

Dear OSG Security Contacts,

This is an update to the prior announcement "OSG-SEC-2018-10-02 Vulnerability in Linux kernel's create_elf_tables() function". This fix is only for HTCondor and patches the vulnerability that could potentially allow an attacker to escalate privileges.

ACTION RECOMMENDATIONS:

Before you proceed further please note that these instructions to set memory limits will kill running jobs, therefore draining is recommended to prevent new jobs from starting.

  • For HTCondor v8.6.x+ installed from RPMs or DEBs on RHEL7, Centos7, SL7, Debian, or Ubuntu (running systemd):

As root run the following commands: mkdir /etc/systemd/system/condor.service.d echo -e '[Service]\nLimitSTACK=16G\n' > \ /etc/systemd/system/condor.service.d/CVE-2018-14634.conf systemctl restart condor

  • For HTCondor v8.6.x+ installed from RPMs on RHEL6, SL6, Centos6 (running init):

As root run the following commands:

sed -i 's/ULIMIT_FLAGS=.*/ULIMIT_FLAGS="-Hs 16000000"/' /etc/sysconfig/condor
service condor restart

Recommendations for other affected systems can be found in the original announcement.

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team