Serious vulnerability in pwnkit (CVE-2021-4034)

Pwnkit is installed by default in most linux distributions, there is no permanent fix yet but there is a workaround, you can remove the suid bit from the binary using chmod 0755 /usr/bin/pkexec and that will make it impossible to exploit this bug.

  • Pkexec is installed by default on all major Linux distributions.
  • Pkexec has been vulnerable since its creation in May 2009.
  • Any unprivileged local user can exploit this vulnerability to get full root privileges.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034

Serious vulnerability in sudo (CVE-2021-3156)

Make sure to install the latest security updates in your instances to fix a Serious vulnerability in sudo (CVE-2021-3156) that will let any user run any command as root without entering a password.

In combination with other less severe security exploits this can in some cases be used to compromise your instances remotely.

Read more about it: https://www.openwall.com/lists/oss-security/2021/01/26/3

From Pilot to Production

As SNIC Science Cloud has gone from a pilot to a production resource, the pilot regions in the cloud will be replaced new regions with production hardware.

The region at C3SE has already been replaced by the new WEST-1 region; running OpenStack Rocky on new hardware.

The other pilot cloud-regions at UPPMAX and HPC2N will soon be replaced with the EAST-1 and NORTH-1 regions.

If you are starting up new projects in the cloud we suggest that you use the WEST-1 region for now until the other regions becomes available, because otherwise you will have to migrate your workload to the new regions soon.

Important Security Announcement

Due to the latest security flaws in Intel CPU:s, users of SNIC Science Cloud must patch all instances to the latest kernel as soon as possible.

  • If you are running a Debian or Ubuntu instance run:
    apt-get update
    apt-get upgrade
  • If you are running a CentOS instance run:
    yum update

Scheduled downtime for the HPC2N region of SSC – 3/9 2018

One of the central network switches in the storage-infrastructure will be replaced due to a failed fan and to do this we must shut down all running instances in the HPC2N region on 3/9 2018 between 08:00 and 12:00.

This will only effect the HPC2N region and will not have any impact on instances running in the other SSC regions.

However login via the web dashboard to the other regions will not work during this maintenance period.

SNIC Science Cloud Workshop in Sundsvall, 31 August 2018

The SNIC Science Cloud (SSC) invites all interested current and future users to a training workshop on an introductory level at Mid Sweden University, Campus Sundsvall, 10:00-16:00 on the 31st of August.

We will introduce cloud computing in general, including covering the best practices around security and you will learn the basics of how to work with the OpenStack based Infrastructure-as-a-Service (IaaS). The majority of the time will be spent in lab sessions on basic usage of the IaaS cloud.
You need to bring a laptop, but no prior experience of using cloud resources are required.

For more information and registration here: https://www.hpc2n.umu.se/events/courses/cloud-workshop-august-2018

SSC Introductory Workshop at C3SE, Göteborg

We would like to invite all interested current and future users to a training workshop on introductory level at C3SE, Göteborg, on Oct 23, 10-16. We will introduce cloud computing in general, including covering best practices around security. The majority of time will be spent in lab sessions on basic usage of the IaaS cloud.

Please register here.

Location: Chalmers University of Technology, Room Raven & Fox, Fysik forskarhus 5th floor.

Visiting address: Chalmers Campus Johanneberg, Room Raven & Fox, Fysik forskarhus, 5th floor entrance Fysikgränd 3.

Note the the number of participants are limited to around 25, and spots will be filled on a first-come-first serve basis.

You need to bring a laptop, no prior experience of using cloud resources are required.

SSC training workshop at HPC2N on Oct 10

We would like to invite all interested current and future users to a training workshop on introductory level at HPC2N, Umeå, on Oct 10. We will introduce cloud computing in general, including covering best practices around security. The majority of time will be spent in lab sessions on basic usage of the IaaS cloud.

Please register here.

Note the the number of participants are limited to around 25, and spots will be filled on a first-come-first serve basis.

You need to bring a laptop, no prior experience of using cloud resources are required.