OSG-SEC-2018-10-18 [UPDATE] Vulnerability in Linux kernel's create_elf_tables() function
Dear OSG Security Contacts,
This is an update to the prior announcement "OSG-SEC-2018-10-02 Vulnerability in Linux kernel's create_elf_tables() function". This fix is only for HTCondor and patches the vulnerability that could potentially allow an attacker to escalate privileges.
Before you proceed further, please note that these instructions to set memory limits will kill running jobs; draining is therefore recommended to prevent new jobs from starting.
- For HTCondor v8.6.x+ installed from RPMs or DEBs on RHEL7, Centos7, SL7, Debian, or Ubuntu (running systemd):
As root run the following commands:
    mkdir /etc/systemd/system/condor.service.d
    echo -e '[Service]\nLimitSTACK=16G\n' > \
        /etc/systemd/system/condor.service.d/CVE-2018-14634.conf
    systemctl restart condor
- For HTCondor v8.6.x+ installed from RPMs on RHEL6, SL6, Centos6 (running init):
As root run the following commands:
    sed -i 's/ULIMIT_FLAGS=.*/ULIMIT_FLAGS="-Hs 16000000"/' /etc/sysconfig/condor
    service condor restart
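To confirm after the restart that the limit is in effect, the hard stack limit of the running daemon can be read from /proc/<pid>/limits. The script below is an added example, not part of the original announcement; the function names, the --live switch and the assumption that the daemon runs as condor_master are its own.

```shell
#!/bin/sh
# Added example (not from the announcement): check that the hard stack limit
# set by the steps above is in effect for a process.
MAX_STACK_BYTES=17179869184   # 16G as in LimitSTACK=16G, i.e. 16 * 1024^3 bytes

# Print the hard "Max stack size" value from a /proc/<pid>/limits-format file.
stack_hard_limit() {
    awk '/^Max stack size/ { print $5; found = 1 }
         END { if (!found) exit 1 }' "$1"
}

# Return 0 if the hard limit is finite and <= MAX_STACK_BYTES, 1 if it is
# unlimited or larger, 2 if the file could not be parsed.
stack_limit_ok() {
    hard=$(stack_hard_limit "$1") || return 2
    case "$hard" in
        unlimited)   return 1 ;;
        ''|*[!0-9]*) return 2 ;;
    esac
    awk -v h="$hard" -v m="$MAX_STACK_BYTES" 'BEGIN { exit !(h + 0 <= m + 0) }'
}

# Constructed sample (not captured from a real host): limits before the fix.
sample_unpatched() {
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max stack size            8388608              unlimited            bytes'
}

# Check every running condor_master (daemon name assumed to be the default).
check_running_condor() {
    pids=$(pgrep -x condor_master 2>/dev/null) || { echo "no condor_master running"; return 2; }
    status=0
    for pid in $pids; do
        if stack_limit_ok "/proc/$pid/limits"; then
            echo "pid $pid: hard stack limit applied"
        else
            echo "pid $pid: hard stack limit NOT applied"; status=1
        fi
    done
    return "$status"
}

if [ "${1:-}" = "--live" ]; then
    check_running_condor
else
    sample_unpatched | stack_limit_ok - || echo "sample: hard stack limit NOT applied"
fi
```

Run it as root with --live on a worker node after the restart. On the init-based systems the hard limit appears as 16384000000 bytes, because ulimit -s takes its value in 1024-byte units.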
Recommendations for other affected systems can be found in the original announcement.
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team