View entire changelog

Update to address CVE-2016-8655

Dec 09, 2016

Maintenance

We have released patches to our AMIs and other infrastructure to address CVE-2016-8655. We recommend all CircleCI Enterprise installations follow the instructions below to update both their Services box and their Builder fleet.

If you have any questions or difficulties please contact enterprise-support@circleci.com.

Update the Services box:

  1. As always, ensure your data is backed up.
  2. Shut down CircleCI in the Replicated console (or via the CLI).
  3. Update the kernel using the provided install_kernel_master function below.
  4. Restart the machine.
#!/bin/bash
function install_kernel_master() {
    echo '>>> Installing Kernel'
    apt-get update
    apt-get install linux-image-3.13.0-105-generic linux-headers-3.13.0-105-generic linux-image-extra-3.13.0-105-generic
    apt-cache policy linux-image-3.13.0-105-generic linux-headers-3.13.0-105-generic linux-image-extra-3.13.0-105-generic
}

Update the Builder fleet:

For the builder fleet, update the Launch Configuration to use the updated AMI from the list below:

  • ap-northeast-1 = “ami-07f09d60”
  • ap-northeast-2 = “ami-90588ffe”
  • ap-southeast-1 = “ami-4f54f82c”
  • ap-southeast-2 = “ami-040c3467”
  • eu-central-1 = “ami-3465a35b”
  • eu-west-1 = “ami-d70421a4”
  • sa-east-1 = “ami-2e6bf242”
  • us-east-1 = “ami-e68f89f1”
  • us-west-1 = “ami-901c4af0”
  • us-west-2 = “ami-0c57fc6c”

If you are using our Terraform scripts, you can download the new script https://github.com/circleci/enterprise-setup/blob/master/circleci.tf and run terraform apply. We’ve already updated the scripts to include the new AMIs, so terraform should launch new builders automatically with the patched version, and cycle your fleet.

If you are using a non-AWS environment, use the same method to patch your builders you used to patch the Services box.

If any of the above does not apply to your environment, or you encounter issues with your upgrades please contact: enterprise-support@circleci.com.

>Previous changes