Security Update: Mitigation of ssh-keysign Vulnerability & Impact on Debugging/Profiling Tools
Subscribe
Monitoring - Summary:
We have successfully deployed a system-wide mitigation across the Mahuika environment to address the recently disclosed ssh-keysign vulnerability. While the cluster remains fully operational and secure, the security measures implemented may affect certain user workflows, specifically those relying on system call tracing and process debugging.
What You Need to Know (User Impact):
To effectively neutralize this vulnerability, we have implemented strict restrictions on ptrace capabilities across the environment (including on compute nodes).
If your research or development workflow involves attaching to running processes, you will likely experience permission errors (e.g., Operation not permitted).
Potentially Affected Tools:
• Debuggers: gdb, Arm Forge (DDT), TotalView, or attaching to processes via IDEs.
• System Tracers: strace, ltrace.
• Performance Profilers: Intel VTune, Valgrind, Linux perf, and various MPI profiling utilities that rely on ptrace to hook into active jobs.
Note on Standard Execution:
Running a program directly under a debugger (e.g., gdb ./my_program) may still work depending on the exact scope of the applied kernel restrictions, but attaching to an already running process (e.g., gdb -p ) will be blocked.
Next Steps & Support:
For now we have implemented the strictest mitigation and will evaluate this further next week. We understand that process profiling and debugging are critical components of HPC development. If this mitigation breaks an essential part of your workflow, please contact the support team. We can discuss alternative profiling methods. Thank you for your cooperation as we work to maintain a secure environment for all users.
May 16, 2026 - 12:59 NZST
We have successfully deployed a system-wide mitigation across the Mahuika environment to address the recently disclosed ssh-keysign vulnerability. While the cluster remains fully operational and secure, the security measures implemented may affect certain user workflows, specifically those relying on system call tracing and process debugging.
What You Need to Know (User Impact):
To effectively neutralize this vulnerability, we have implemented strict restrictions on ptrace capabilities across the environment (including on compute nodes).
If your research or development workflow involves attaching to running processes, you will likely experience permission errors (e.g., Operation not permitted).
Potentially Affected Tools:
• Debuggers: gdb, Arm Forge (DDT), TotalView, or attaching to processes via IDEs.
• System Tracers: strace, ltrace.
• Performance Profilers: Intel VTune, Valgrind, Linux perf, and various MPI profiling utilities that rely on ptrace to hook into active jobs.
Note on Standard Execution:
Running a program directly under a debugger (e.g., gdb ./my_program) may still work depending on the exact scope of the applied kernel restrictions, but attaching to an already running process (e.g., gdb -p ) will be blocked.
Next Steps & Support:
For now we have implemented the strictest mitigation and will evaluate this further next week. We understand that process profiling and debugging are critical components of HPC development. If this mitigation breaks an essential part of your workflow, please contact the support team. We can discuss alternative profiling methods. Thank you for your cooperation as we work to maintain a secure environment for all users.
May 16, 2026 - 12:59 NZST
About This Site
This page shares the system status of REANNZ's advanced computing platform and storage services, including impacts of any known outages or planned maintenance work.
Please note that these services are currently only supported within business hours, so there may be delays in communicating outages outside of these hours despite best efforts.
To view the status of REANNZ's network services, visit: https://reannz.status.io
Apply for Access
Operational
Data Transfer
Operational
Submit new HPC Jobs
Operational
Jobs running on HPC
Operational
NeSI OnDemand
Operational
HPC Storage
Operational
User Support System
Operational
Support Documentation
Operational
Flexible High Performance Cloud
Operational
Long-term Storage (Freezer)
Operational
Flexible High Performance Cloud Services
Operational
Virtual Compute Service
Operational
Bare Metal Compute Service
Operational
FlexiHPC Dashboard (web interface)
Operational
FlexiHPC CLI interface
Operational
Public API of the FlexiHPC Service
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Scheduled Maintenance
Announcement - Flexible High Performance Cloud - Update Servers for 'CopyFail' & 'DirtyFrag' Mitigations May 12, 2026 16:15 - May 19, 2026 16:15 NZST
Because the security world loves catchy names almost as much as it loves ruining a perfectly good week, we have two new vulnerabilities to bring to your attention: CopyFail and DirtyFrag. While they sound like a forgotten 90s hacker movie duo, they are very real, and your cloud servers need an update to stay secure.
How to Mitigate: Please update your Research Developer Cloud instances at your earliest convenience. You have two paths to a clean bill of health:
* The Fresh Start (New Images): We have already created and deployed shiny new, pre-patched images. You can simply spin up new instances using these mitigated images and migrate your workloads over.
* The Hands-On Approach (Patch In-Place): If you prefer to keep your current instances running, please apply the recommended OS-level updates and mitigations directly to your existing servers. See links to relevant information below.
Need a hand? If things go sideways during the update, or if you just need some assistance navigating the mitigations, our support team is ready to help. Please reach out to us!
Stay secure (and un-fragged),
REANNZ Advanced Computing Team
Copy Fail
* https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
* https://forums.rockylinux.org/t/copyfail-cve-2026-31431-patches-now-available-for-rocky-linux/20422
* https://access.redhat.com/solutions/7141931
Dirty Frag
* https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
* https://forums.rockylinux.org/t/dirty-frag-exploit/20426
* https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
Posted on May 12, 2026 - 16:06 NZST
How to Mitigate: Please update your Research Developer Cloud instances at your earliest convenience. You have two paths to a clean bill of health:
* The Fresh Start (New Images): We have already created and deployed shiny new, pre-patched images. You can simply spin up new instances using these mitigated images and migrate your workloads over.
* The Hands-On Approach (Patch In-Place): If you prefer to keep your current instances running, please apply the recommended OS-level updates and mitigations directly to your existing servers. See links to relevant information below.
Need a hand? If things go sideways during the update, or if you just need some assistance navigating the mitigations, our support team is ready to help. Please reach out to us!
Stay secure (and un-fragged),
REANNZ Advanced Computing Team
Copy Fail
* https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available
* https://forums.rockylinux.org/t/copyfail-cve-2026-31431-patches-now-available-for-rocky-linux/20422
* https://access.redhat.com/solutions/7141931
Dirty Frag
* https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available
* https://forums.rockylinux.org/t/dirty-frag-exploit/20426
* https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
Posted on May 12, 2026 - 16:06 NZST