Difference between revisions of "SVG:Advisory-SVG-2015-9517"
Jump to navigation
Jump to search
(Created page with "{{svg-header}} <pre> ** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictio...") |
|||
Line 30: | Line 30: | ||
and check which version they have and that it is signed appropriately if they have not done so already. | and check which version they have and that it is signed appropriately if they have not done so already. | ||
It is difficult to find whether any EGI sites are affected by this security issue, or the risk if any have been so we leave it to sites to check. | It is difficult to find whether any EGI sites are affected by this security issue, or the risk if any | ||
have been so we leave it to sites to check. | |||
Latest revision as of 11:42, 13 October 2015
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisory-SVG-2015-9517
** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** Title: EGI SVG Advisory/Alert - security notice regarding signing key and binary downloads of Ceph Date: 2015-10-13 Updated: URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9517 Short Alert =========== Ceph is a distributed storage solution and is used in some sites in the EGI infrastructure. A security notice has been issued by Ceph regarding singing key and binary downloads of Ceph. Sites running Ceph should check the following link: http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/ and check which version they have and that it is signed appropriately if they have not done so already. It is difficult to find whether any EGI sites are affected by this security issue, or the risk if any have been so we leave it to sites to check. Timeline ======== Yyyy-mm-dd 2015-09-21 SVG and CSIRT alerted to this issue by Sophie Ferry 2015-09-21 Acknowledgement from the EGI SVG to the reporter 2015-09-28 SVG agreed a short alert to sites should be sent 2015-10-12 Alert drafted 2015-10-13 Alert sent to sites