Please update your servers: glibc vulnerability

Install / Update Security
1

Hi everyone,

There is a security vulnerability in glibc, that renders most of the core components of your operating system vulnerable to attack just by doing a DNS lookup on a malicious domain. More details here: Extremely severe bug leaves dizzying number of software and devices vulnerable | Ars Technica

You should consider updating your servers:

  1. For CentOS: sudo yum clean all && sudo yum update
  2. For Ubuntu: sudo apt-get update && sudo apt-get upgrade

You will also need to reboot your servers after the update. There will be a downtime till your server is up again.

Before reboot, run these commands as a precaution:

sudo service nginx stop
sudo supervisorctl stop all
sudo service mysql stop

After reboot, make sure the services are up:

sudo service nginx status
sudo service mysql status
sudo supervisorctl status

If they are down, you will need to bring them back up.

Possible issues:

  1. You might need to use mysqld instead of mysql based on your OS
  2. If you see that supervisorctl status shows worker processes as FATAL, you might need to update celery. The best way to go about this is to run this command from frappe-bench folder: ./env/bin/pip install --upgrade apps/frappe/requirements.txt

Best,
Anand Doshi.

6 Likes
3

Hi Anand,

I am on a hosted ERP Next. We are unable to login for the past couple of hours. Is it because some maintenance is going on at your level?

4

@santhosh can you send an email on support mentioning your ERPNext sitename?