Hello,

As many of you might have guessed already, the recently published vulnerability CVE-2026-31431 has a high impact on cfarm because all users have SSH access to shared machines.

We patched the vulnerability as soon as we were made aware of it:

- on April 29th at 21:30 UTC, we deployed the documented workaround (module blacklisting) on all Linux machines
- on May 1st at 21:00 UTC, we deployed an additional workaround via kernel cmdline on a few machines (Rocky / AlmaLinux), after somebody helpfully pointed out that Red Hat kernels have a specific config that prevents the first workaround from working [3]
- kernel versions have been upgraded where practical (that is, when the OS vendor has been providing quick updates)

As far as we know, the vulnerability has not been exploited on cfarm, but it's hard to be sure. Please report any security-related incident or suspicion to cfarm-admins @ lists.tetaneutral.net.

As a reminder, as a shared platform, cfarm should not be used to work on critical/private data or to perform security-sensitive tasks.

More info on the CVE:

[1] https://copy.fail/
[2] https://www.openwall.com/lists/oss-security/2026/04/29/23
[3] https://www.openwall.com/lists/oss-security/2026/04/30/2

Baptiste
_______________________________________________ cfarm-users mailing list [email protected] https://lists.tetaneutral.net/listinfo/cfarm-users
