Important Replibit Version 2016.10.31
Posted by Rick Klemetson, Last modified by Steven Gargano on Jan 18, 2017 10:09 AM
For all Axcient employees that support Replibit and Replibit Partners:
Replibit will be releasing an enhanced version of the software (v2016.10.31) the evening of Wednesday, November 2, 2016. Here is a summary of the updates and improvements you should see in the new version:
Important Security Updates:
Due to a recently discovered security vulnerability in the Linux kernel, it is highly recommended that all Replibit partners update the Linux kernel on all of their devices as soon as possible. To simplify this process Axcient has included a script to perform this task. The below steps should be performed on each Appliance, Vault, and Global Management Portal within a partner’s organization.
Instructions for applying the Dirty Cow fix after the update has been installed on Wednesday evening:
For queries about the Vaults:
Axcient is aware of, and has assessed the risk, to Replibit Vaults, pertaining to Dirty Cow (aka CVE-2016-5195). The current risk to the Replibit Vaults themselves are deemed as a low risk because all logical Vault users are privileged accounts currently; therefore, escalation of privileges provides no benefit to a would-be attacker. Axcient is committed to remediating all security risks and vulnerabilities - the Replibit Vaults are no exception to that rule. Vaults will be updated with the Replibit software once the patch is released Wednesday, November 2, 2016.
For queries about the software:
Dirty Cow (aka CVE-2016-5195) is a recently discovered vulnerability pertaining to the Linux Kernel and found in all versions of Linux for the past nine years. This particular vulnerability could allow access to privilege functions for non-privileged users. After the public announcement of this vulnerability Ubuntu (the version of Linux bundled with Replibit Software) patched the kernel in all currently supported versions of the operating system.
Replibit software has been developed to utilize specific features within the Linux Kernel and is tightly integrated into the operating system it is bundled with. As such, an update to the Kernel could have performance, security, and reliability impacts to Replibit users. Axcient has remediated any risks to the Replibit software and has tested the software to ensure the patch does not provide any such impacts. Axcient will handle any hosted Vaults or Management Portals for you.
Further, an updated ISO has been posted to http://replibit.com/downloads/. It is important to always download a new ISO before deploying a new device.