Juju 1.25.12, 2.0.4, and 2.1.3 Security Update Release

Fri May 26 20:08:46 UTC 2017

We have issued an update to Juju 1.25.12, 2.0.4, and 2.1.3 in order to
address a security issue. The update fixes a privilege escalation
vulnerability when executing `juju-run` on the cloud instances, not to be
confused with the 'juju run' CLI command.

See the following for further details on the vulnerability:

   -

   https://bugs.launchpad.net/juju/+bug/1682411
   -

   CVE-2017-9232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9232

This vulnerability affects all currently distributed versions of Juju
(1.25.x, 2.0.x and 2.1.x). All users are encouraged to upgrade their
existing models and controllers.

How to know if you need to update

---------------------------------

We’ve put together a helpful Python script that will loop through your
controllers and then output the version of each model on the controller. It
requires Python 2.7 or higher.

 curl -L https://goo.gl/59gxnz | python

How do I update? I’m on…

-------------------------

JAAS

~~~~

JAAS has been updated to the new 2.1.3 release. Users with models in JAAS
do not need to perform any upgrade steps to their models that are running
in JAAS.

Juju 2.2-betaX

~~~~~~~~~~~~~~~

Users of the 2.2-beta releases need to temporarily update to using the edge
channel. Users will need to use this until Juju 2.2-rc1 is released in the
coming days. You can easily switch your snap install client by using the
following:

   snap refresh juju --edge --classic

Once you’ve completed this step you’ll need to run through the normal
upgrade steps on your models, as explained in the documentation:

https://jujucharms.com/docs/models-upgrade#the-upgrade-juju-command
<https://jujucharms.com/docs/stable/models-upgrade#the-upgrade-juju-command>

Note for non-snap beta users: we suggest you do not run controllers with
the 2.2 beta releases. We suggest you move to the edge channel of the snap
releases or to wait and redeploy when 2.2 RC1 is released.

Juju 2.1.x

~~~~~~~~~~~~

You can follow the current upgrade documentation to upgrade. Make sure that
you update your controller model as well as each model on that controller.

https://jujucharms.com/docs/2.1/models-upgrade

Juju 2.0.x

~~~~~~~~~~~~

Juju 2.0.x is an older release of Juju. We highly recommend all users
upgrade to the current stable and supported release of Juju 2.1 (see
above).

https://jujucharms.com/docs/2.0/models-upgrade

Juju 1.25.x

~~~~~~~~~~~~

Users of Juju 1.25 can upgrade using the upgrade documentation for their
release.

https://jujucharms.com/docs/1.25/juju-upgrade

Questions/Concerns

------------------

If you have any questions please don’t hesitate to reach out to the team
via:

   -

   the #juju Freenode IRC channel
   -

   the juju mailing list https://lists.ubuntu.com/mailman/listinfo/juju

We encourage everyone to let us know how you're using Juju.

Join us at regular Juju shows - subscribe to our Youtube channel
https://youtube.com/jujucharms

More information

----------------

To learn more about these great technologies please visit

https://jujucharms.com and http://conjure-up.io.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20170526/4f3bc7a7/attachment.html>