Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

SVG:Advisory-SVG-2015-9517

From EGIWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Advisory-SVG-2015-9517



** WHITE information - Unlimited distribution allowed                       **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


Title:       EGI SVG Advisory/Alert - security notice regarding signing key and binary downloads of Ceph 

Date:       2015-10-13
Updated:     


URL:         https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9517


Short Alert
===========

Ceph is a distributed storage solution and is used in some sites in the EGI infrastructure.

A security notice has been issued by Ceph regarding singing key and binary downloads of Ceph. 

Sites running Ceph should check the following link:

http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/

and check which version they have and that it is signed appropriately if they have not done so already.

It is difficult to find whether any EGI sites are affected by this security issue, or the risk if any 
have been so we leave it to sites to check. 


Timeline  
========
Yyyy-mm-dd

2015-09-21 SVG and CSIRT alerted to this issue by Sophie Ferry 
2015-09-21 Acknowledgement from the EGI SVG to the reporter
2015-09-28 SVG agreed a short alert to sites should be sent
2015-10-12 Alert drafted
2015-10-13 Alert sent to sites
Retrieved from "https://wiki.egi.eu/w/index.php?title=SVG:Advisory-SVG-2015-9517&oldid=84128"