Updating tzdata

This accidental denial of service may result in unplanned outages and significant headaches for you – the systems admin.So, we publish the updated tzdata files where you can get them automatically.

updating tzdata-4updating tzdata-40

Scientific Linux ships with security updates on by default so that the systems installed for short term research by people who don’t want to maintain them don’t become a hazard to the rest of the internet community.

Professional systems admins who want to schedule their updates can figure out how to disable the automatic updates. We aim to have them out within a few days after receiving them from upstream.

This repo also contains the latest ‘tzdata’ and ‘selinux-policy’ to ensure fixes to these package help protect your system security. The ‘fastbugs’ repo contains package updates which are not security-related (bugfixes and enhancements).

Scientific Linux is installed by people of all backgrounds and skill sets. Most scientists are too busy doing research to also take systems administration classes.

I checked our setup, and NTP was still functioning as expected.

The problem, it turns out, was that some of our build machines had not yet changed over to Daylight Savings Time (DST), something NTP doesn’t assist with.

To fix the problem, I figured out how to use NTP on a private network.

Imagine my surprise when, while performing a build today, I noticed more clock skew warnings!

Run this command and you should be all set: With the tzdata updates, there is the possibility of a replay attack or, for our Kerberos users, a denial of service.

Both of these possibilities are due to the change in the system clock. However, if your Kerberos system is running Scientific Linux you may find yourself unable to get tickets if the clock is sufficiently different.

To help enhance the security of your systems, we publish selinux updates as though they were security updates.

Tags: , ,