SVG:Advisory-SVG-2015-9517

From EGIWiki
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Advisory-SVG-2015-9517



** WHITE information - Unlimited distribution allowed                       **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


Title:       EGI SVG Advisory/Alert - security notice regarding signing key and binary downloads of Ceph 

Date:       2015-10-13
Updated:     


URL:         https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9517


Short Alert
===========

Ceph is a distributed storage solution and is used in some sites in the EGI infrastructure.

A security notice has been issued by Ceph regarding singing key and binary downloads of Ceph. 

Sites running Ceph should check the following link:

http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/

and check which version they have and that it is signed appropriately if they have not done so already.

It is difficult to find whether any EGI sites are affected by this security issue, or the risk if any 
have been so we leave it to sites to check. 


Timeline  
========
Yyyy-mm-dd

2015-09-21 SVG and CSIRT alerted to this issue by Sophie Ferry 
2015-09-21 Acknowledgement from the EGI SVG to the reporter
2015-09-28 SVG agreed a short alert to sites should be sent
2015-10-12 Alert drafted
2015-10-13 Alert sent to sites