FroDo Comware Upgrade
We would like to announce a staged upgrade of the version of Comware running on our HPE 5510 and 5940 FroDos. This blog entry aims to answer the majority of questions that this work will raise. However, please feel free to contact the Networks team with any further questions at networks@it.ox.ac.uk.
NOTE: This does not include upgrading the dcdist FroDos – these will be upgraded as a separate task in due course.
Why?
As part of ongoing maintenance, it is essential that we keep our FroDo software up to date. The new versions of software being deployed address a number of vulnerabilities and bugs. For those interested, this upgrade takes us from R1309P06 to R1311P02 for HPE 5510 devices and from R2612H01 to R2702 for HPE 5940s. In total, this change involves over 330 devices.
Addressed Vulnerabilities
201811140403
- Symptom: CVE-2018-15473
Condition: OpenSSH is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. OpenSSH versions through 7.7 are vulnerable; other versions may also be affected.
Details of the vulnerabilities can be found at https://cve.mitre.org/cve/search_cve_list.html
Impact
The expected impact is ~5-10 minutes for Option 1 customers, during which time the FroDo will reload and external services will not be available. For Option 2 customers, the impact is expected to be minimal thanks to the In Service Software Upgrade (ISSU) capability.
We will be carrying out the upgrades between 06:30 and 08:00 to minimise impact.
Timescale
We plan to upgrade approximately 80 FroDos on each of the following days:
Group A: Thursday 19th September
Group B: Tuesday 24th September
Group C: Thursday 26th September
Group D: Tuesday 1st October
Schedule
We have attempted, where possible, to group devices around main sites and annexes so that those sites will only see one period of disruption from this upgrade schedule. Detailed schedules listing devices and dates can be found at https://docs.ntg.ox.ac.uk/pub/reference/odin-frodo-software-upgrade-september-october-2019
Once again, if you have any further queries then please contact us at networks@it.ox.ac.uk