[EHPweb] Fwd: eSAS Emergency Maintenance

Bidwell, Christopher cbidwell at usgs.gov
Wed Jun 11 17:15:28 UTC 2014 

FYI

This affects geomag,  landslides,  and geohazards websites.
---------- Forwarded message ----------
From: "La, Lien" <lla at usgs.gov>
Date: Jun 11, 2014 12:03 PM
Subject: eSAS Emergency Maintenance
To:
Cc: "eSAS" <gs_help_esas at usgs.gov>

TO:  All eSAS Customers


DOI External Scanning has identified the latest high severity OpenSSL
vulnerabilities on websites behind the WAFs. The eSAS team needs to conduct
a firmware upgrade on all WAFs to resolve the vulnerabilities.  All
affected sites with failover functionality will remain functional through
an alternate regional devices.


TODAY'S DATE: Wednesday, June 11, 2014



PLANNED CHANGE DATE/TIME:


·      Thursday, June 12, 2014, 5:00 PM - 8:00 PM PST

for WAFs located at Menlo Park Campus (network address spaces 137.227.239.x
and 137.227.233.x)

for WAFs located at the Denver Federal Center (network address spaces
137.227.231.x and 137.227.229.x)


 ·      Friday, June 13, 2014, 5:00 PM - 6:00 PM PST

for WAF located at the Reston National Center (network address space
137.227.248.x)

* Please note that the Reston WAF will be shutdown after the upgrade for
the Reston planned power outage scheduled for Saturday.



CATEGORY OF CHANGE: High


ANTICIPATED IMPACT ON USER COMMUNITY:


Production eSAS sites with failover configuration will remain functional
through the alternate regional failover devices until the upgrade is
completed; however, sites without a failover configuration will not be
accessible during this time.



DESCRIPTION OF CHANGE:  The WAF appliances will be upgraded to firmware version
7.8.1.017.



RATIONALE FOR CHANGE:  The firmware upgrade is necessary to fix the OpenSSL Man
in the Middle Security Bypass Vulnerability (CVE-2014-0224).



INDIVIDUAL(S) RESPONSIBLE FOR CHANGE:   ITSOT eSAS Team.


For any questions or concerns, please send email to GS Help eSAS.


-------------------------------------------------------------
Lien La
IT Security Operations Team
Office of Information Technical Services
U.S. Geological Survey
Email:  lla at usgs.gov
<https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=lla@usgs.gov>
Work:  650.329.4062
Mobile:  650.207.0328
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://geohazards.usgs.gov/pipermail/ehpweb/attachments/20140611/8b2abff7/attachment.html>

More information about the EHPweb mailing list