We have released patches to our AMIs and other infrastructure to address CVE-2016-8655. We recommend all CircleCI Enterprise installations follow the instructions below to update both their Services box and their Builder fleet.
If you have any questions or difficulties please contact enterprise-support@circleci.com.
Update the Services box:
- As always, ensure your data is backed up.
- Shut down CircleCI in the Replicated console (or via the CLI).
- Update the kernel using the provided
install_kernel_masterfunction below. - Restart the machine.
#!/bin/bash
function install_kernel_master() {
echo '>>> Installing Kernel'
apt-get update
apt-get install linux-image-3.13.0-105-generic linux-headers-3.13.0-105-generic linux-image-extra-3.13.0-105-generic
apt-cache policy linux-image-3.13.0-105-generic linux-headers-3.13.0-105-generic linux-image-extra-3.13.0-105-generic
}
Update the Builder fleet:
For the builder fleet, update the Launch Configuration to use the updated AMI from the list below:
- ap-northeast-1 = “ami-07f09d60”
- ap-northeast-2 = “ami-90588ffe”
- ap-southeast-1 = “ami-4f54f82c”
- ap-southeast-2 = “ami-040c3467”
- eu-central-1 = “ami-3465a35b”
- eu-west-1 = “ami-d70421a4”
- sa-east-1 = “ami-2e6bf242”
- us-east-1 = “ami-e68f89f1”
- us-west-1 = “ami-901c4af0”
- us-west-2 = “ami-0c57fc6c”
If you are using our Terraform scripts, you can download the new script https://github.com/circleci/enterprise-setup/blob/master/circleci.tf and run terraform apply. We’ve already updated the scripts to include the new AMIs, so terraform should launch new builders automatically with the patched version, and cycle your fleet.
If you are using a non-AWS environment, use the same method to patch your builders you used to patch the Services box.
If any of the above does not apply to your environment, or you encounter issues with your upgrades please contact: enterprise-support@circleci.com.
