The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "EGI CSIRT:Advisory/EGI-ADV-20120801/"
Jump to navigation
Jump to search
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{New-Egi-csirt-header}} | |||
[https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts Back to Alerts] | |||
<pre> | <pre> | ||
| Line 13: | Line 17: | ||
Date: 2012-08-01 send to sites | Date: 2012-08-01 send to sites | ||
Introduction | Introduction | ||
============ | ============ | ||
This advisory is being issued to remind sites which currently deploy gLite 3.2 software | This advisory is being issued to remind sites which currently deploy gLite 3.2 | ||
components which are no longer under security support to migrate to supported software. | software components which are no longer under security support to migrate to | ||
supported software. | |||
Various sites still deploy gLite 3.2 middleware components which on the 1st August 2012 are | Various sites still deploy gLite 3.2 middleware components which on the | ||
no longer under security support. | 1st August 2012 are no longer under security support. | ||
The gLite 3.1 distribution is now retired. Sites still deploying gLite 3.1 software components | The gLite 3.1 distribution is now retired. Sites still deploying gLite 3.1 | ||
have also been identified. This advisory includes a reminder of the decommissioning calendar applicable | software components have also been identified. This advisory includes a reminder | ||
to gLite 3.1 software components and generally speaking to any software reliant on RHEL4 derivatives. | of the decommissioning calendar applicable to gLite 3.1 software components and | ||
generally speaking to any software reliant on RHEL4 derivatives. | |||
This advisory describes the detailed timelines for the retirement of unsupported software components | This advisory describes the detailed timelines for the retirement of unsupported | ||
as agreed between EGI CSIRT, the Operations Management Board, and the Security Co-ordination Group, | software components as agreed between EGI CSIRT, the Operations Management Board, | ||
which must be adhered to and describes the consequence of failing to do so. | and the Security Co-ordination Group, which must be adhered to and describes the | ||
consequence of failing to do so. | |||
It should be noted that regardless of these deadlines if a critical vulnerability affecting any software | It should be noted that regardless of these deadlines if a critical vulnerability | ||
out of security support is published it may not be possible to produce an update and will be necessary | affecting any software out of security support is published it may not be possible | ||
to immediately stop the affected services and reinstall with currently supported software releases. | to produce an update and will be necessary to immediately stop the affected services | ||
and reinstall with currently supported software releases. | |||
| Line 60: | Line 66: | ||
See gLite 3.2 support calendar [R 1]. This advisory refers to these. | See gLite 3.2 support calendar [R 1]. This advisory refers to these. | ||
All unsupported gLite 3.2 software components listed above and deployed in production are | All unsupported gLite 3.2 software components listed above and deployed | ||
expected to migrate away as soon as possible and no later than 1st October 2012. | in production are expected to migrate away as soon as possible and no later | ||
than 1st October 2012. | |||
Deployment of the unsupported gLite 3.2 components listed above will be monitored by EGI CSIRT. | Deployment of the unsupported gLite 3.2 components listed above will be monitored | ||
A report of any sites which are still deploying the unsupported gLite 3.2 components after | by EGI CSIRT. A report of any sites which are still deploying the unsupported | ||
01 October 2012, will be produced for EGI management. | gLite 3.2 components after 01 October 2012, will be produced for EGI management. | ||
| Line 71: | Line 78: | ||
================= | ================= | ||
From 1st November 2012 sites still deploying the unsupported gLite 3.2 software components | From 1st November 2012 sites still deploying the unsupported gLite 3.2 software | ||
mentioned above will be asked to migrate to supported software immediately or to shutdown | components mentioned above will be asked to migrate to supported software immediately | ||
services. | or to shutdown services. | ||
Sites may face site suspension if failing to migrate their services. | Sites may face site suspension if failing to migrate their services. | ||
Exceptions may be made if the site is in communication with EGI CSIRT and upgrades are in progress. | Exceptions may be made if the site is in communication with EGI CSIRT and upgrades are | ||
As it is acknowledged that some sites wish to migrate from gLite 3.2 to the UMD 2/EMI 2/RHEL6 based | in progress. As it is acknowledged that some sites wish to migrate from gLite 3.2 to the | ||
versions, exceptions may also be made if the site is planning to migrate | UMD 2/EMI 2/RHEL6 based versions, exceptions may also be made if the site is planning to | ||
RHEL6 but the appropriate software is not available in EGI UMD2 on 01 November 2012 or has been | migrate straight to EMI 2 based on RHEL6 but the appropriate software is not available in | ||
available for less than 1 month. | EGI UMD2 on 01 November 2012 or has been available for less than 1 month. | ||
| Line 86: | Line 93: | ||
================================================================= | ================================================================= | ||
Sites deploying gLite 3.1 software components and/or software reliant on RHEL4 (including SL4) must | Sites deploying gLite 3.1 software components and/or software reliant on RHEL4 | ||
migrate away from these by 1st October 2012. | (including SL4) must migrate away from these by 1st October 2012. | ||
These sites have been individually contacted by CSIRT on 16th July 2012, therefore should | These sites have been individually contacted by CSIRT on 16th July 2012, therefore | ||
be aware of this. | should be aware of this. | ||
On 1st October 2012 such sites will be asked to migrate to supported software or shutdown | On 1st October 2012 such sites will be asked to migrate to supported software or shutdown | ||
| Line 102: | Line 109: | ||
of security support on 1st August 2012. Retirement calendars for software | of security support on 1st August 2012. Retirement calendars for software | ||
which comes out of security support in the future will be made at a later date. | which comes out of security support in the future will be made at a later date. | ||
| Line 123: | Line 128: | ||
</pre> | </pre> | ||
[https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts Back to Alerts] | |||
Latest revision as of 13:53, 25 September 2012
| EGI-CSIRT web site | EGI-CSIRT Public wiki | EGI-CSIRT Contacts | EGI-CSIRT Activities | EGI-CSIRT Private wiki |
** WHITE information - unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
EGI CSIRT ADVISORY [EGI-ADV-20120801]
Title: EGI CSIRT ADVISORY [EGI-ADV-20120801] concerning gLite 3.2
middleware components no longer supported on 01 August 2012.
Date: 2012-08-01 send to sites
Introduction
============
This advisory is being issued to remind sites which currently deploy gLite 3.2
software components which are no longer under security support to migrate to
supported software.
Various sites still deploy gLite 3.2 middleware components which on the
1st August 2012 are no longer under security support.
The gLite 3.1 distribution is now retired. Sites still deploying gLite 3.1
software components have also been identified. This advisory includes a reminder
of the decommissioning calendar applicable to gLite 3.1 software components and
generally speaking to any software reliant on RHEL4 derivatives.
This advisory describes the detailed timelines for the retirement of unsupported
software components as agreed between EGI CSIRT, the Operations Management Board,
and the Security Co-ordination Group, which must be adhered to and describes the
consequence of failing to do so.
It should be noted that regardless of these deadlines if a critical vulnerability
affecting any software out of security support is published it may not be possible
to produce an update and will be necessary to immediately stop the affected services
and reinstall with currently supported software releases.
Retirement calendar of gLite 3.2 components out of security support on 1st August 2012
=======================================================================================
The gLite 3.2 components currently out of security support are:
APEL
ARGUS
BDII
Cluster
CREAM
dCache
LB
LSF utils
MPI utils
SCAS
SGE utils
Torque client/server/utils
VOMS
See gLite 3.2 support calendar [R 1]. This advisory refers to these.
All unsupported gLite 3.2 software components listed above and deployed
in production are expected to migrate away as soon as possible and no later
than 1st October 2012.
Deployment of the unsupported gLite 3.2 components listed above will be monitored
by EGI CSIRT. A report of any sites which are still deploying the unsupported
gLite 3.2 components after 01 October 2012, will be produced for EGI management.
Suspension Policy
=================
From 1st November 2012 sites still deploying the unsupported gLite 3.2 software
components mentioned above will be asked to migrate to supported software immediately
or to shutdown services.
Sites may face site suspension if failing to migrate their services.
Exceptions may be made if the site is in communication with EGI CSIRT and upgrades are
in progress. As it is acknowledged that some sites wish to migrate from gLite 3.2 to the
UMD 2/EMI 2/RHEL6 based versions, exceptions may also be made if the site is planning to
migrate straight to EMI 2 based on RHEL6 but the appropriate software is not available in
EGI UMD2 on 01 November 2012 or has been available for less than 1 month.
Reminder for gLite 3.1 and software reliant on RHEL4 derivatives.
=================================================================
Sites deploying gLite 3.1 software components and/or software reliant on RHEL4
(including SL4) must migrate away from these by 1st October 2012.
These sites have been individually contacted by CSIRT on 16th July 2012, therefore
should be aware of this.
On 1st October 2012 such sites will be asked to migrate to supported software or shutdown
services immediately. Failure to comply will result in site suspension.
No exceptions or further extension of this deadline will be made.
Notes
=====
Please be aware that this notice only applies to software which is already out
of security support on 1st August 2012. Retirement calendars for software
which comes out of security support in the future will be made at a later date.
Other information
=================
In the coming months EGI will review its security policies in order to no longer
allow the deployment in production of software which is out of security support.
See [R 2] and [R 3] for further information on supported middleware versions.
References
==========
[R 1] gLite 3.2 support calendar http://glite.cern.ch/R3.2/
[R 2] EMI support calendar http://www.eu-emi.eu/releases#MajRel
[R 3] General support information from technology providers
https://wiki.egi.eu/wiki/Middleware#Technology_Providers