Security Advisory: Patching Azure HDInsight clusters to address Linux Kernel TCP vulnerabilities
Posted on Wednesday, June 26, 2019
Microsoft Azure is aware of 3 critical vulnerabilities that affect the Linux kernel: (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479). An updated image, with patches for the above vulnerabilities, for HDInsight clusters is now available.
- No further action is needed for clusters that were created after June 24th, 2019. These clusters have picked up the patched images.
- For clusters created prior to June 24th,2019, you will need to reboot the VMs in the cluster at your convenience.
- Reboot all the VMs at the same time: Please use this script (kernel-patch-and-reboot.sh) as a persisted customized script action.
- Reboot VMs in a staggered manner: Please use (HDInsight OS patching) to schedule the reboot of VMs in a staggered manner across a 24-hour window. If you are using scaling feature to scale up the size of the cluster including using Autoscale capability, please use this script (kernel-patch-and-reboot.sh) as a persisted customized script action for the patch to be applied on the scaled up VMs.
Please contact Azure Support in case you encounter any issues.